From 75e37026ce8824052107d1fd5f3a3a6f0ded0e22 Mon Sep 17 00:00:00 2001
From: Alex Kirk
Date: Fri, 12 Jan 2024 16:25:05 +0100
Subject: [PATCH 1/2] Prevent returning 401 for other successful OAuth plugins
---
 includes/class-indieauth-authorize.php | 5 +++++
 tests/test-authorize.php | 7 +++++++
 2 files changed, 12 insertions(+)
diff --git a/includes/class-indieauth-authorize.php b/includes/class-indieauth-authorize.php
index 1dfc5bd..24e60cd 100644
--- a/includes/class-indieauth-authorize.php
+++ b/includes/class-indieauth-authorize.php
@@ -89,6 +89,11 @@ public function get_indieauth_response( $response ) {
 * @return WP_Error|null Error if one is set, otherwise null.
 */
 public function rest_authentication_errors( $error = null ) {
+ if ( is_user_logged_in() ) {
+ // Another OAuth plugin successfully authenticated.
+ return null;
+ }
+
 if ( ! empty( $error ) ) {
 return $error;
 }
diff --git a/tests/test-authorize.php b/tests/test-authorize.php
index b145574..a62e087 100644
--- a/tests/test-authorize.php
+++ b/tests/test-authorize.php
@@ -63,6 +63,8 @@ public function test_authorize_bearer() {
 $authorize->load();
 $user_id = apply_filters( 'determine_current_user', false );
 $this->assertEquals( $user_id, self::$author_id );
+ wp_set_current_user( $user_id );
+ $this->assertNull( $authorize->rest_authentication_errors() );
 }
 public function test_authorize_bearer_other_non_matching_provider() {
@@ -80,6 +82,8 @@ public function test_authorize_bearer_other_non_matching_provider() {
 $authorize->load();
 $user_id = apply_filters( 'determine_current_user', false );
 $this->assertEquals( $user_id, self::$author_id );
+ wp_set_current_user( $user_id );
+ $this->assertNull( $authorize->rest_authentication_errors() );
 }
 public function test_authorize_bearer_other_provider() {
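Review bot: In `rest_authentication_errors()` (includes/class-indieauth-authorize.php) the new `is_user_logged_in()` guard sits above the existing `if ( ! empty( $error ) )` pass-through and returns `null`, so a `WP_Error` handed in by an earlier `rest_authentication_errors` callback is discarded whenever a current user is set. `is_user_logged_in()` is true for any authentication mechanism, not only another OAuth plugin, so depending on the priority this callback is hooked at (not visible in the hunk) a rejection raised by another check could be cleared. Keeping the `$error` check first and placing the new guard below it, or writing `return $error;` in place of `return null;`, preserves earlier results. The function body continues outside the hunk.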
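Review bot: The assertions added to `test_authorize_bearer()` call `rest_authentication_errors()` with no argument, so they never exercise a logged-in user combined with an error passed in from an earlier filter; the same holds for the matching additions in `test_authorize_bearer_other_non_matching_provider()` and `test_authorize_bearer_other_provider()`. A further case such as `$authorize->rest_authentication_errors( new WP_Error( 'constructed_code' ) )` (constructed sample) after `wp_set_current_user( $user_id )` would pin down whether that error is meant to survive. The test methods start outside the hunks.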
@@ -96,6 +100,8 @@ public function test_authorize_bearer_other_provider() {
 $authorize->load();
 $user_id = apply_filters( 'determine_current_user', false );
 $this->assertEquals( $user_id, self::$author_id );
+ wp_set_current_user( $user_id );
+ $this->assertNull( $authorize->rest_authentication_errors() );
 }
 public function test_authorize_bearer_no_valid_token_other_provider() {
@@ -112,6 +118,7 @@ public function test_authorize_bearer_no_valid_token_other_provider() {
 $authorize->load();
 $user_id = apply_filters( 'determine_current_user', false );
 $this->assertFalse( $user_id );
+ $this->assertTrue( is_wp_error( $authorize->rest_authentication_errors() ) );
 }
 // Tests map_meta_cap for standard permissions
From b1fdeb942d906659937078a3448bfe934f97299f Mon Sep 17 00:00:00 2001
From: Alex Kirk
Date: Fri, 12 Jan 2024 16:28:33 +0100
Subject: [PATCH 2/2] typos
---
 includes/class-indieauth-authorize.php | 2 +-
 tests/test-authorize.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/includes/class-indieauth-authorize.php b/includes/class-indieauth-authorize.php
index 24e60cd..e58d260 100644
--- a/includes/class-indieauth-authorize.php
+++ b/includes/class-indieauth-authorize.php
@@ -90,7 +90,7 @@ public function get_indieauth_response( $response ) {
 */
 public function rest_authentication_errors( $error = null ) {
 if ( is_user_logged_in() ) {
- // Another OAuth plugin successfully authenticated.
+ // Another OAuth2 plugin successfully authenticated.
 return null;
 }
diff --git a/tests/test-authorize.php b/tests/test-authorize.php
index a62e087..d30204a 100644
--- a/tests/test-authorize.php
+++ b/tests/test-authorize.php
@@ -118,6 +118,7 @@ public function test_authorize_bearer_no_valid_token_other_provider() {
 $authorize->load();
 $user_id = apply_filters( 'determine_current_user', false );
 $this->assertFalse( $user_id );
+ wp_set_current_user( $user_id );
 $this->assertTrue( is_wp_error( $authorize->rest_authentication_errors() ) );
 }
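Review bot: In the PATCH 2/2 hunk for `test_authorize_bearer_no_valid_token_other_provider()`, `wp_set_current_user( $user_id )` runs right after `assertFalse( $user_id )`, so it passes `false` as the user ID. The intent appears to be resetting to the anonymous user so the new `is_user_logged_in()` guard does not short-circuit before the error check, which a reader has to infer. `wp_set_current_user( 0 );` with a comment such as `// No token matched: make sure no user from an earlier test is still set.` states that directly. The test method starts outside the hunk.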