From a3834f3a13a27d11e18391c5108fc5ecd6dc2177 Mon Sep 17 00:00:00 2001
From: Przemyslaw Motacki <przemyslaw.motacki@snowflake.com>
Date: Mon, 25 Nov 2024 13:33:13 +0100
Subject: [PATCH] SNOW-1689931 Adding flag to skip token file permission
 verification

---
 .../config/SFConnectionConfigParser.java      |  2 +-
 .../config/SFConnectionConfigParserTest.java  | 39 ++++++++++++++++---
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
index 4bf50e1d2..a060e87d4 100644
--- a/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
+++ b/src/main/java/net/snowflake/client/config/SFConnectionConfigParser.java
@@ -70,7 +70,7 @@ public static ConnectionParameters buildConnectionParameters() throws SnowflakeS
           if (!token.isEmpty()) {
               putPropertyIfNotNull(connectionProperties, "token", token.trim());
           } else {
-            throw new SnowflakeSQLException("Token must be set when the authenticator type is OAUTH");
+            throw new SnowflakeSQLException("Non-empty token must be set when the authenticator type is OAUTH");
           }
         } catch (Exception ex) {
           throw new SnowflakeSQLException(ex, "There is a problem during reading token from file");
diff --git a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
index 46339e95c..3ac877f45 100644
--- a/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
+++ b/src/test/java/net/snowflake/client/config/SFConnectionConfigParserTest.java
@@ -48,7 +48,11 @@ public void setUp() throws IOException {
     tempPath = Files.createTempDirectory(".snowflake");
     ENV_VARIABLES_KEYS
             .stream()
-            .forEach(key -> envVariables.put(key, SnowflakeUtil.systemGetEnv(key)));
+            .forEach(key -> {
+              if (SnowflakeUtil.systemGetEnv(key) != null) {
+                envVariables.put(key, SnowflakeUtil.systemGetEnv(key));
+              }
+            });
   }
 
   @After
@@ -58,9 +62,8 @@ public void close() throws IOException {
     SnowflakeUtil.systemUnsetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION);
     Files.walk(tempPath).map(Path::toFile).forEach(File::delete);
     Files.delete(tempPath);
-    ENV_VARIABLES_KEYS
-            .stream()
-            .forEach(key ->  SnowflakeUtil.systemSetEnv(key, envVariables.get(key)));
+    envVariables
+            .forEach((key, value)  -> SnowflakeUtil.systemSetEnv(key, value));
   }
 
   @Test
@@ -162,6 +165,19 @@ public void shouldThrowExceptionIfNoneOfHostAndAccountIsSet() throws IOException
     Assert.assertThrows(
         SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters());
   }
+  @Test
+  public void shouldThrowExceptionIfTokenIsNotSetForOauth() throws IOException {
+    SnowflakeUtil.systemSetEnv(SNOWFLAKE_HOME_KEY, tempPath.toString());
+    SnowflakeUtil.systemSetEnv(SNOWFLAKE_DEFAULT_CONNECTION_NAME_KEY, "default");
+    SnowflakeUtil.systemSetEnv(SKIP_TOKEN_FILE_PERMISSIONS_VERIFICATION, "true");
+    File tokenFile = new File(Paths.get(tempPath.toString(), "token").toUri());
+//    File emptyTokenFile = new File(Paths.get(tempPath.toString(), "emptyToken").toUri());
+    prepareConnectionConfigurationTomlFile(
+            Collections.singletonMap("token_file_path", tokenFile.toString()), true, false, "");
+
+    Assert.assertThrows(
+        SnowflakeSQLException.class, () -> SFConnectionConfigParser.buildConnectionParameters());
+  }
 
   private void prepareConnectionConfigurationTomlFile() throws IOException {
     prepareConnectionConfigurationTomlFile(null, true, true);
@@ -172,7 +188,13 @@ private void prepareConnectionConfigurationTomlFile(Map moreParameters) throws I
   }
 
   private void prepareConnectionConfigurationTomlFile(
-      Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken)
+          Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken)
+          throws IOException {
+     prepareConnectionConfigurationTomlFile(moreParameters, onlyUserPermissionConnection, onlyUserPermissionToken, "token_from_file");
+  }
+
+  private void prepareConnectionConfigurationTomlFile(
+      Map moreParameters, boolean onlyUserPermissionConnection, boolean onlyUserPermissionToken, String token)
       throws IOException {
     Path path = Paths.get(tempPath.toString(), "connections.toml");
     Path filePath = createFilePathWithPermission(path, onlyUserPermissionConnection);
@@ -196,7 +218,12 @@ private void prepareConnectionConfigurationTomlFile(
           createFilePathWithPermission(
               Paths.get(configurationParams.get("token_file_path").toString()),
               onlyUserPermissionToken);
-      Files.write(tokenFilePath, "token_from_file".getBytes());
+      Files.write(tokenFilePath, token.getBytes());
+      Path emptyTokenFilePath =
+          createFilePathWithPermission(
+              Paths.get(configurationParams.get("token_file_path").toString().replaceAll("token", "emptytoken")),
+              onlyUserPermissionToken);
+      Files.write(emptyTokenFilePath, "".getBytes());
     }
   }