fix: Address CodeRabbit review comments

BrandtKruger · BrandtKruger · commit 4c5f15b73961 · 2026-01-28T18:27:14.000+02:00
- Change State.ACTIVE to State.TEST in ConnectionIdTest for consistency
- Fix testGetConnectionIdPreferDirectOverNested to properly test preference
  - Add generateIDTokenWithBothConnectionIds() method to JwtGenerator
  - Test now verifies direct connection_id is preferred over nested
- Fix KindeAuthenticationFilter and KindeAuthenticationServlet:
  - Add missing supports_reauth=true for REGISTER action
  - Add missing is_create_org=true for CREATE_ORG action
  - Fix typo: 'proved' -&gt; 'provided'
- Ensure parameter preservation matches dedicated method behavior
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+    "java.compile.nullAnalysis.mode": "automatic"
+}
diff --git a/kinde-core/src/test/java/com/kinde/session/ConnectionIdTest.java b/kinde-core/src/test/java/com/kinde/session/ConnectionIdTest.java
@@ -24,7 +24,7 @@ public class ConnectionIdTest {
     public void setUp() {
         KindeGuiceSingleton.fin();
         KindeEnvironmentSingleton.fin();
-        KindeEnvironmentSingleton.init(KindeEnvironmentSingleton.State.ACTIVE);
+        KindeEnvironmentSingleton.init(KindeEnvironmentSingleton.State.TEST);
         
         KindeGuiceSingleton.init(
                 new KindeCoreGuiceTestModule(),
diff --git a/kinde-core/src/test/java/com/kinde/token/ConnectionIdTokenTest.java b/kinde-core/src/test/java/com/kinde/token/ConnectionIdTokenTest.java
@@ -52,18 +52,18 @@ public void testGetConnectionIdWhenNotPresent() throws Exception {
     @Test
     @DisplayName("getConnectionId should prefer direct connection_id over nested ext_provider.connection_id")
     public void testGetConnectionIdPreferDirectOverNested() throws Exception {
-        // Create a token with direct connection_id
+        // Create a token with both direct and nested connection_id to test preference
         String directConnectionId = "conn_direct_123";
+        String nestedConnectionId = "conn_nested_456";
         
-        // For this test, we'll use the direct one and verify it's preferred
-        String tokenString = JwtGenerator.generateIDTokenWithConnectionId(directConnectionId);
+        String tokenString = JwtGenerator.generateIDTokenWithBothConnectionIds(directConnectionId, nestedConnectionId);
         
         KindeToken kindeToken = IDToken.init(tokenString, true);
         
         assertNotNull(kindeToken);
         assertTrue(kindeToken.valid());
         assertEquals(directConnectionId, kindeToken.getConnectionId(), 
-                "getConnectionId() should prefer direct connection_id claim");
+                "getConnectionId() should prefer direct connection_id over ext_provider.connection_id");
     }
 
     @Test
diff --git a/kinde-core/src/test/java/com/kinde/token/jwt/JwtGenerator.java b/kinde-core/src/test/java/com/kinde/token/jwt/JwtGenerator.java
@@ -305,4 +305,44 @@ public static String generateIDTokenWithExtProviderConnectionId(String connectio
         signedJWT.sign(signer);
         return signedJWT.serialize();
     }
+
+    @SneakyThrows
+    public static String generateIDTokenWithBothConnectionIds(String directConnectionId, String nestedConnectionId) {
+        RSAKey rsaJWK = new RSAKeyGenerator(2048)
+                .keyID("123")
+                .generate();
+
+        JWSSigner signer = new RSASSASigner(rsaJWK);
+        Date now = new Date();
+
+        Map<String,Object> featureFlags = new HashMap<>();
+        featureFlags.put("test_str","test_str");
+        featureFlags.put("test_integer",Integer.valueOf(1));
+        featureFlags.put("test_boolean",Boolean.valueOf(false));
+
+        Map<String, Object> extProvider = new HashMap<>();
+        extProvider.put("connection_id", nestedConnectionId);
+
+        JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder()
+                .issuer("https://openid.net")
+                .subject("test")
+                .audience(Arrays.asList("https://kinde.com"))
+                .expirationTime(new Date(now.getTime() + 1000*60*10))
+                .notBeforeTime(now)
+                .issueTime(now)
+                .claim("permissions",Arrays.asList("test1","test1"))
+                .claim("org_codes",Arrays.asList("test1","test1"))
+                .claim("feature_flags",featureFlags)
+                .claim("connection_id", directConnectionId)
+                .claim("ext_provider", extProvider)
+                .jwtID(UUID.randomUUID().toString())
+                .build();
+
+        SignedJWT signedJWT = new SignedJWT(
+                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rsaJWK.getKeyID()).build(),
+                jwtClaims);
+
+        signedJWT.sign(signer);
+        return signedJWT.serialize();
+    }
 }
diff --git a/kinde-j2ee/src/main/java/com/kinde/filter/KindeAuthenticationFilter.java b/kinde-j2ee/src/main/java/com/kinde/filter/KindeAuthenticationFilter.java
@@ -81,17 +81,19 @@ protected void doFilter(ServletRequest servletRequest, ServletResponse servletRe
                 } else {
                     Map<String, String> registerParams = new HashMap<>(parameters);
                     registerParams.put("prompt", "create");
+                    registerParams.put("supports_reauth", "true");
                     authorizationUrl = kindeClientSession.authorizationUrlWithParameters(registerParams);
                 }
             } else if (kindeAuthenticationAction == KindeAuthenticationAction.CREATE_ORG) {
                 if (req.getParameter(ORG_NAME) == null) {
-                    throw new ServletException("Must proved org_name query parameter to create an organisation.");
+                    throw new ServletException("Must provide org_name query parameter to create an organisation.");
                 }
                 if (parameters.isEmpty()) {
                     authorizationUrl = kindeClientSession.createOrg(req.getParameter(ORG_NAME));
                 } else {
                     Map<String, String> createOrgParams = new HashMap<>(parameters);
                     createOrgParams.put("prompt", "create");
+                    createOrgParams.put("is_create_org", Boolean.TRUE.toString());
                     createOrgParams.put("org_name", req.getParameter(ORG_NAME));
                     authorizationUrl = kindeClientSession.authorizationUrlWithParameters(createOrgParams);
                 }
diff --git a/kinde-j2ee/src/main/java/com/kinde/servlet/KindeAuthenticationServlet.java b/kinde-j2ee/src/main/java/com/kinde/servlet/KindeAuthenticationServlet.java
@@ -79,6 +79,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp, KindeAuth
                 } else {
                     Map<String, String> registerParams = new HashMap<>(parameters);
                     registerParams.put("prompt", "create");
+                    registerParams.put("supports_reauth", "true");
                     authorizationUrl = kindeClientSession.authorizationUrlWithParameters(registerParams);
                 }
             } else if (kindeAuthenticationAction == KindeAuthenticationAction.CREATE_ORG) {
@@ -90,6 +91,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp, KindeAuth
                 } else {
                     Map<String, String> createOrgParams = new HashMap<>(parameters);
                     createOrgParams.put("prompt", "create");
+                    createOrgParams.put("is_create_org", Boolean.TRUE.toString());
                     createOrgParams.put("org_name", req.getParameter(ORG_NAME));
                     authorizationUrl = kindeClientSession.authorizationUrlWithParameters(createOrgParams);
                 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "java.compile.nullAnalysis.mode": "automatic"`
	`3`	`+}`