From 47af6dcc19663845b9fe661e98fc5d4395eb3469 Mon Sep 17 00:00:00 2001 From: Ed Page Date: Mon, 13 Jan 2025 10:40:13 -0600 Subject: [PATCH] fix(login): Deprecate CLI token This came up in #13623 to avoid putting tokens into shell history. --- src/bin/cargo/commands/login.rs | 21 ++++++--- src/doc/man/cargo-login.md | 4 +- src/doc/man/generated_txt/cargo-login.txt | 4 +- src/doc/src/commands/cargo-login.md | 4 +- src/etc/man/cargo-login.1 | 4 +- tests/testsuite/alt_registry.rs | 3 +- .../cargo_login/help/stdout.term.svg | 44 +++++++++---------- tests/testsuite/credential_process.rs | 20 ++++++--- tests/testsuite/login.rs | 25 +++++++++-- 9 files changed, 80 insertions(+), 49 deletions(-) diff --git a/src/bin/cargo/commands/login.rs b/src/bin/cargo/commands/login.rs index 2542386aa569..7fe86b9b0c66 100644 --- a/src/bin/cargo/commands/login.rs +++ b/src/bin/cargo/commands/login.rs @@ -6,7 +6,12 @@ use crate::command_prelude::*; pub fn cli() -> Command { subcommand("login") .about("Log in to a registry.") - .arg(Arg::new("token").value_name("TOKEN").action(ArgAction::Set)) + .arg( + Arg::new("token") + .value_name("TOKEN") + .action(ArgAction::Set) + .hide(true), + ) .arg_registry("Registry to use") .arg( Arg::new("args") @@ -27,16 +32,18 @@ pub fn exec(gctx: &mut GlobalContext, args: &ArgMatches) -> CliResult { "must not be index URL" ); + let token = args.get_one::("token").map(|s| s.as_str().into()); + if token.is_some() { + let _ = gctx + .shell() + .warn("`cargo login ` is deprecated in favor of reading `` from stdin"); + } + let extra_args = args .get_many::("args") .unwrap_or_default() .map(String::as_str) .collect::>(); - ops::registry_login( - gctx, - args.get_one::("token").map(|s| s.as_str().into()), - reg.as_ref(), - &extra_args, - )?; + ops::registry_login(gctx, token, reg.as_ref(), &extra_args)?; Ok(()) } diff --git a/src/doc/man/cargo-login.md b/src/doc/man/cargo-login.md index 46681f7ef90c..9d0161e7fc14 100644 --- a/src/doc/man/cargo-login.md +++ b/src/doc/man/cargo-login.md @@ -6,7 +6,7 @@ cargo-login --- Log in to a registry ## SYNOPSIS -`cargo login` [_options_] [_token_] [`--` _args_] +`cargo login` [_options_] [`--` _args_] ## DESCRIPTION @@ -24,7 +24,7 @@ If a registry has a credential-provider specified, it will be used. Otherwise, the providers from the config value `registry.global-credential-providers` will be attempted, starting from the end of the list. -If the _token_ argument is not specified, it will be read from stdin. +The _token_ will be read from stdin. The API token for crates.io may be retrieved from . diff --git a/src/doc/man/generated_txt/cargo-login.txt b/src/doc/man/generated_txt/cargo-login.txt index 585a7bf2eb76..e2f8f748b049 100644 --- a/src/doc/man/generated_txt/cargo-login.txt +++ b/src/doc/man/generated_txt/cargo-login.txt @@ -4,7 +4,7 @@ NAME cargo-login — Log in to a registry SYNOPSIS - cargo login [options] [token] [-- args] + cargo login [options] [-- args] DESCRIPTION This command will run a credential provider to save a token so that @@ -23,7 +23,7 @@ DESCRIPTION registry.global-credential-providers will be attempted, starting from the end of the list. - If the token argument is not specified, it will be read from stdin. + The token will be read from stdin. The API token for crates.io may be retrieved from . diff --git a/src/doc/src/commands/cargo-login.md b/src/doc/src/commands/cargo-login.md index 4e45edbb8c61..9aabe96d2d36 100644 --- a/src/doc/src/commands/cargo-login.md +++ b/src/doc/src/commands/cargo-login.md @@ -6,7 +6,7 @@ cargo-login --- Log in to a registry ## SYNOPSIS -`cargo login` [_options_] [_token_] [`--` _args_] +`cargo login` [_options_] [`--` _args_] ## DESCRIPTION @@ -24,7 +24,7 @@ If a registry has a credential-provider specified, it will be used. Otherwise, the providers from the config value `registry.global-credential-providers` will be attempted, starting from the end of the list. -If the _token_ argument is not specified, it will be read from stdin. +The _token_ will be read from stdin. The API token for crates.io may be retrieved from . diff --git a/src/etc/man/cargo-login.1 b/src/etc/man/cargo-login.1 index 16f5773fa344..c1c288343910 100644 --- a/src/etc/man/cargo-login.1 +++ b/src/etc/man/cargo-login.1 @@ -6,7 +6,7 @@ .SH "NAME" cargo\-login \[em] Log in to a registry .SH "SYNOPSIS" -\fBcargo login\fR [\fIoptions\fR] [\fItoken\fR] [\fB\-\-\fR \fIargs\fR] +\fBcargo login\fR [\fIoptions\fR] [\fB\-\-\fR \fIargs\fR] .SH "DESCRIPTION" This command will run a credential provider to save a token so that commands that require authentication, such as \fBcargo\-publish\fR(1), will be @@ -22,7 +22,7 @@ If a registry has a credential\-provider specified, it will be used. Otherwise, the providers from the config value \fBregistry.global\-credential\-providers\fR will be attempted, starting from the end of the list. .sp -If the \fItoken\fR argument is not specified, it will be read from stdin. +The \fItoken\fR will be read from stdin. .sp The API token for crates.io may be retrieved from \&. .sp diff --git a/tests/testsuite/alt_registry.rs b/tests/testsuite/alt_registry.rs index b001da4f85b7..f775fb43247f 100644 --- a/tests/testsuite/alt_registry.rs +++ b/tests/testsuite/alt_registry.rs @@ -814,7 +814,8 @@ fn no_api() { "#]]) .run(); - p.cargo("login --registry alternative TOKEN") + p.cargo("login --registry alternative") + .with_stdin("TOKEN") .with_status(101) .with_stderr_data(str![[r#" [ERROR] registry `alternative` does not support API commands diff --git a/tests/testsuite/cargo_login/help/stdout.term.svg b/tests/testsuite/cargo_login/help/stdout.term.svg index 96498c6220ca..b10d03e2025c 100644 --- a/tests/testsuite/cargo_login/help/stdout.term.svg +++ b/tests/testsuite/cargo_login/help/stdout.term.svg @@ -1,4 +1,4 @@ - +