fix(publish): deprecate CLI token

src/bin/cargo/commands/publish.rs

@@ -1,14 +1,20 @@
 use crate::command_prelude::*;
+use std::io::IsTerminal;
 
 use cargo::ops::{self, PublishOpts};
+use cargo_credential::Secret;
 
 pub fn cli() -> Command {
     subcommand("publish")
         .about("Upload a package to the registry")
         .arg_dry_run("Perform all checks without uploading")
         .arg_index("Registry index URL to upload the package to")
         .arg_registry("Registry to upload the package to")
-        .arg(opt("token", "Token to use when uploading").value_name("TOKEN"))
+        .arg(
+            opt("token", "Token to use when uploading")
+                .value_name("TOKEN")
+                .hide(true),
+        )
         .arg(flag(
             "no-verify",
             "Don't verify the contents by building them",
@@ -45,13 +51,29 @@ pub fn exec(gctx: &mut GlobalContext, args: &ArgMatches) -> CliResult {
         .into());
     }
 
+    let token: Option<Secret<String>> = args.get_one::<String>("token").cloned().map(Secret::from);
+    if token.is_some() {
+        let _ = gctx
+            .shell()
+            .warn("`cargo publish --token <token>` is deprecated in favor of reading `<token>` from stdin");
+    }
+
+    let token = token.or_else(|| {
+        let mut token_from_stdin = None;
+        if !std::io::stdin().is_terminal() {
+            let token = cargo_credential::read_line().unwrap_or_default();
+            if !token.is_empty() {
+                token_from_stdin = Some(token);
+            }
+        }
+        token_from_stdin.map(Secret::from)
+    });
+
     ops::publish(
         &ws,
         &PublishOpts {
             gctx,
-            token: args
-                .get_one::<String>("token")
-                .map(|s| s.to_string().into()),
+            token,
             reg_or_index,
             verify: !args.flag("no-verify"),
             allow_dirty: args.flag("allow-dirty"),

src/cargo/ops/registry/mod.rs

@@ -130,7 +130,7 @@ fn registry<'gctx>(
 ) -> CargoResult<(Registry, RegistrySource<'gctx>)> {
     let is_index = reg_or_index.map(|v| v.is_index()).unwrap_or_default();
     if is_index && token_required.is_some() && token_from_cmdline.is_none() {
-        bail!("command-line argument --index requires --token to be specified");
+        bail!("command-line argument --index requires token to be provided via stdin");
     }
     if let Some(token) = token_from_cmdline {
         auth::cache_token_from_commandline(gctx, &source_ids.original, token);

src/doc/man/cargo-publish.md

@@ -28,8 +28,8 @@ following steps:
    and may timeout. In that case, you will need to check for completion
    manually. This timeout does not affect the upload.
 
-This command requires you to be authenticated with either the `--token` option
-or using {{man "cargo-login" 1}}.
+This command requires you to be authenticated using 
+{{man "cargo-login" 1}} or by writing TOKEN value into stdin.
 
 See [the reference](../reference/publishing.html) for more details about
 packaging and publishing.
@@ -44,8 +44,6 @@ packaging and publishing.
 Perform all checks without uploading.
 {{/option}}
 
-{{> options-token }}
-
 {{#option "`--no-verify`" }}
 Don't verify the contents by building them.
 {{/option}}

src/doc/man/generated_txt/cargo-publish.txt

@@ -25,8 +25,8 @@ DESCRIPTION
           and may timeout. In that case, you will need to check for completion
           manually. This timeout does not affect the upload.
 
-       This command requires you to be authenticated with either the --token
-       option or using cargo-login(1).
+       This command requires you to be authenticated using cargo-login(1) or by
+       writing TOKEN value into stdin.
 
        See the reference
        <https://doc.rust-lang.org/cargo/reference/publishing.html> for more
@@ -37,18 +37,6 @@ OPTIONS
        --dry-run
            Perform all checks without uploading.
 
-       --token token
-           API token to use when authenticating. This overrides the token
-           stored in the credentials file (which is created by cargo-login(1)).
-
-           Cargo config <https://doc.rust-lang.org/cargo/reference/config.html>
-           environment variables can be used to override the tokens stored in
-           the credentials file. The token for crates.io may be specified with
-           the CARGO_REGISTRY_TOKEN environment variable. Tokens for other
-           registries may be specified with environment variables of the form
-           CARGO_REGISTRIES_NAME_TOKEN where NAME is the name of the registry
-           in all capital letters.
-
        --no-verify
            Don’t verify the contents by building them.
 

src/doc/src/commands/cargo-publish.md

@@ -24,8 +24,8 @@ following steps:
    and may timeout. In that case, you will need to check for completion
    manually. This timeout does not affect the upload.
 
-This command requires you to be authenticated with either the `--token` option
-or using [cargo-login(1)](cargo-login.html).
+This command requires you to be authenticated using 
+[cargo-login(1)](cargo-login.html) or by writing TOKEN value into stdin.
 
 See [the reference](../reference/publishing.html) for more details about
 packaging and publishing.
@@ -40,17 +40,6 @@ packaging and publishing.
 <dd class="option-desc">Perform all checks without uploading.</dd>
 
 
-<dt class="option-term" id="option-cargo-publish---token"><a class="option-anchor" href="#option-cargo-publish---token"></a><code>--token</code> <em>token</em></dt>
-<dd class="option-desc">API token to use when authenticating. This overrides the token stored in
-the credentials file (which is created by <a href="cargo-login.html">cargo-login(1)</a>).</p>
-<p><a href="../reference/config.html">Cargo config</a> environment variables can be
-used to override the tokens stored in the credentials file. The token for
-crates.io may be specified with the <code>CARGO_REGISTRY_TOKEN</code> environment
-variable. Tokens for other registries may be specified with environment
-variables of the form <code>CARGO_REGISTRIES_NAME_TOKEN</code> where <code>NAME</code> is the name
-of the registry in all capital letters.</dd>
-
-
 <dt class="option-term" id="option-cargo-publish---no-verify"><a class="option-anchor" href="#option-cargo-publish---no-verify"></a><code>--no-verify</code></dt>
 <dd class="option-desc">Don’t verify the contents by building them.</dd>
 

src/doc/src/reference/config.md

@@ -1089,7 +1089,7 @@ Specifies the authentication token for the given registry. This value should
 only appear in the [credentials](#credentials) file. This is used for registry
 commands like [`cargo publish`] that require authentication.
 
-Can be overridden with the `--token` command-line option.
+Can be overridden with the token value provided to stdin.
 
 #### `registries.<name>.credential-provider`
 * Type: string or array of path and arguments
@@ -1165,7 +1165,7 @@ Specifies the authentication token for [crates.io]. This value should only
 appear in the [credentials](#credentials) file. This is used for registry
 commands like [`cargo publish`] that require authentication.
 
-Can be overridden with the `--token` command-line option.
+Can be overridden with the token value provided to stdin.
 
 #### `registry.global-credential-providers`
 * Type: array

src/etc/man/cargo-publish.1

@@ -37,8 +37,8 @@ and may timeout. In that case, you will need to check for completion
 manually. This timeout does not affect the upload.
 .RE
 .sp
-This command requires you to be authenticated with either the \fB\-\-token\fR option
-or using \fBcargo\-login\fR(1).
+This command requires you to be authenticated using
+\fBcargo\-login\fR(1) or by writing TOKEN value into stdin.
 .sp
 See \fIthe reference\fR <https://doc.rust\-lang.org/cargo/reference/publishing.html> for more details about
 packaging and publishing.
@@ -50,19 +50,6 @@ packaging and publishing.
 Perform all checks without uploading.
 .RE
 .sp
-\fB\-\-token\fR \fItoken\fR
-.RS 4
-API token to use when authenticating. This overrides the token stored in
-the credentials file (which is created by \fBcargo\-login\fR(1)).
-.sp
-\fICargo config\fR <https://doc.rust\-lang.org/cargo/reference/config.html> environment variables can be
-used to override the tokens stored in the credentials file. The token for
-crates.io may be specified with the \fBCARGO_REGISTRY_TOKEN\fR environment
-variable. Tokens for other registries may be specified with environment
-variables of the form \fBCARGO_REGISTRIES_NAME_TOKEN\fR where \fBNAME\fR is the name
-of the registry in all capital letters.
-.RE
-.sp
 \fB\-\-no\-verify\fR
 .RS 4
 Don\[cq]t verify the contents by building them.

tests/testsuite/alt_registry.rs

@@ -300,11 +300,10 @@ Caused by:
 
     p.cargo("publish")
         .replace_crates_io(crates_io.index_url())
-        .arg("--token")
-        .arg(crates_io.token())
         .arg("--index")
         .arg(crates_io.index_url().as_str())
         .with_status(101)
+        .with_stdin(crates_io.token())
         .with_stderr_data(str![[r#"
 [UPDATING] crates.io index
 [ERROR] failed to verify manifest at `[ROOT]/foo/Cargo.toml`