From db32baa60e043f31b5189dd0d18da9c4a567554e Mon Sep 17 00:00:00 2001
From: Robert Staddon
Date: Wed, 1 Jun 2016 11:46:16 -0500
Subject: [PATCH 1/2] Allow users to login with WP account after using OpenID Connect

Resolve a bug that prevented users from logging in with their WordPress credentials after having logged in via OpenID Connect.
---
 includes/openid-connect-generic-client-wrapper.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php
index 37b43aa..545ba3d 100644
--- a/includes/openid-connect-generic-client-wrapper.php
+++ b/includes/openid-connect-generic-client-wrapper.php
@@ -138,6 +138,12 @@ class OpenID_Connect_Generic_Client_Wrapper {
 * Remove cookies
 */
 function wp_logout() {
+ // set OpenID Connect user flag to false on logout to allow users to log into the same account without OpenID Connect
+ if( $this->settings->link_existing_users ) {
+ if( get_user_meta( wp_get_current_user()->ID, 'openid-connect-generic-user', TRUE ) )
+ update_user_meta( wp_get_current_user()->ID, 'openid-connect-generic-user', FALSE );
+ }
+
 setcookie( $this->cookie_id_key, false, 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl() );
 }
@@ -300,6 +306,11 @@ class OpenID_Connect_Generic_Client_Wrapper {
 update_user_meta( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
 update_user_meta( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
+ // if we're allowing users to use WordPress and OpenID Connect, we need to set this to true at every login
+ if( $this->settings->link_existing_users ) {
+ update_user_meta( $user->ID, 'openid-connect-generic-user', TRUE );
+ }
+
 // save our authorization cookie for the response expiration
 $oauth_expiry = $token_response['expires_in'] + current_time( 'timestamp', TRUE );
 setcookie( $this->cookie_id_key, $subject_identity, $oauth_expiry, COOKIEPATH, COOKIE_DOMAIN, is_ssl() );
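Review bot: In the `wp_logout()` hunk (`@@ -138,6 +138,12 @@`) the flag is cleared only for whichever user `wp_get_current_user()` still resolves at that point, and only when an explicit logout happens. How this method is hooked is not visible here; if it runs on the core `wp_logout` action, WordPress 5.5 and later reset the current user before firing that action and pass the user ID as the hook argument, so the lookup would yield ID 0 and `openid-connect-generic-user` would stay set. A session that simply expires never reaches this code either, so by the commit's own description the account would keep refusing WordPress credentials until the next OpenID Connect login followed by a real logout. I would resolve the ID once and bail on 0, e.g. `$user_id = get_current_user_id();` followed by `if ( $user_id && $this->settings->link_existing_users ) { update_user_meta( $user_id, 'openid-connect-generic-user', FALSE ); }`, and consider whether the password-login check itself should consult `link_existing_users` instead of depending on logout having run.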
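Review bot: The comment added in the `@@ -300,6 +306,11 @@` hunk does not record that, with `link_existing_users` on, `openid-connect-generic-user` now acts as per-login state instead of a lasting property of the account, nor what that implies for access control. Together with the logout hunk, an account that signed in through the identity provider accepts its WordPress password again after logout, which presumably means that disabling the user at the identity provider no longer keeps them out of the site by itself; administrators who rely on the provider for deprovisioning need that stated. I would expand the comment to something like `// link_existing_users: flag the account as OIDC-authenticated for this login only; wp_logout() clears it so the local password works again (disabling the user at the IdP does not block local login)`. The enclosing function starts and ends outside the hunk.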
@@ -422,7 +433,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
 $username = $this->get_username_from_claim( $user_claim );
 }
- // Before trying to create the user, first check if a user with the same email already exists
+ // before trying to create the user, first check if a user with the same email already exists
 if( $this->settings->link_existing_users ) {
 if( $uid = email_exists( $email ) ) {
 return $this->update_existing_user( $uid, $subject_identity );
From 960f475aadad05a50b0404eee8dda631bfacd712 Mon Sep 17 00:00:00 2001
From: Robert Staddon
Date: Wed, 1 Jun 2016 11:50:41 -0500
Subject: [PATCH 2/2] Update readme and version numbers for 3.0.6

---
 openid-connect-generic.php | 2 +-
 readme.md | 3 +++
 readme.txt | 6 +++++-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/openid-connect-generic.php b/openid-connect-generic.php
index 80c13cc..c6249a1 100644
--- a/openid-connect-generic.php
+++ b/openid-connect-generic.php
@@ -3,7 +3,7 @@
 Plugin Name: OpenID Connect - Generic Client
 Plugin URI: https://github.com/daggerhart/openid-connect-generic
 Description: Connect to an OpenID Connect identity provider with Authorization Code Flow
-Version: 3.0.5
+Version: 3.0.6
 Author: daggerhart
 Author URI: http://www.daggerhart.com
 License: GPLv2 Copyright (c) 2015 daggerhart
diff --git a/readme.md b/readme.md
index 5911ffe..4dc538e 100644
--- a/readme.md
+++ b/readme.md
@@ -33,6 +33,9 @@ Replace `example.com` with your domain name and path to WordPress.
 ### Changelog
+**3.0.6**
+
+* If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials
 **3.0.5**
diff --git a/readme.txt b/readme.txt
index fcf3930..54acc01 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: daggerhart
 Donate link: http://www.daggerhart.com/
 Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
 Requires at least: 4
-Tested up to: 4.2.2
+Tested up to: 4.5.2
 Stable tag: trunk
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -40,6 +40,10 @@ Replace `example.com` with your domain name and path to WordPress.
 == Changelog ==
+= 3.0.6 =
+
+* If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials
+
 = 3.0.5 =
 * Added [openid_connect_generic_login_button] shortcode to allow the login button to be placed anywhere