fix(login): Deprecate CLI token

This came up in #13623 to avoid putting tokens into shell history.

src/bin/cargo/commands/login.rs

@@ -6,7 +6,12 @@ use crate::command_prelude::*;
 pub fn cli() -> Command {
     subcommand("login")
         .about("Log in to a registry.")
-        .arg(Arg::new("token").value_name("TOKEN").action(ArgAction::Set))
+        .arg(
+            Arg::new("token")
+                .value_name("TOKEN")
+                .action(ArgAction::Set)
+                .hide(true),
+        )
         .arg_registry("Registry to use")
         .arg(
             Arg::new("args")
@@ -27,16 +32,16 @@ pub fn exec(gctx: &mut GlobalContext, args: &ArgMatches) -> CliResult {
         "must not be index URL"
     );
 
+    let token = args.get_one::<String>("token").map(|s| s.as_str().into());
+    if token.is_some() {
+        gcrx.warn("`cargo login <token>` is deprecated in favor of reading `<token>` from stdin");
+    }
+
     let extra_args = args
         .get_many::<String>("args")
         .unwrap_or_default()
         .map(String::as_str)
         .collect::<Vec<_>>();
-    ops::registry_login(
-        gctx,
-        args.get_one::<String>("token").map(|s| s.as_str().into()),
-        reg.as_ref(),
-        &extra_args,
-    )?;
+    ops::registry_login(gctx, token, reg.as_ref(), &extra_args)?;
     Ok(())
 }

src/doc/man/cargo-login.md

@@ -6,7 +6,7 @@ cargo-login --- Log in to a registry
 
 ## SYNOPSIS
 
-`cargo login` [_options_] [_token_] [`--` _args_]
+`cargo login` [_options_] [`--` _args_]
 
 ## DESCRIPTION
 
@@ -24,7 +24,7 @@ If a registry has a credential-provider specified, it will be used. Otherwise,
 the providers from the config value `registry.global-credential-providers` will
 be attempted, starting from the end of the list.
 
-If the _token_ argument is not specified, it will be read from stdin.
+The _token_ will be read from stdin.
 
 The API token for crates.io may be retrieved from <https://crates.io/me>.
 

src/doc/man/generated_txt/cargo-login.txt

@@ -4,7 +4,7 @@ NAME
        cargo-login — Log in to a registry
 
 SYNOPSIS
-       cargo login [options] [token] [-- args]
+       cargo login [options] [-- args]
 
 DESCRIPTION
        This command will run a credential provider to save a token so that
@@ -23,7 +23,7 @@ DESCRIPTION
        registry.global-credential-providers will be attempted, starting from
        the end of the list.
 
-       If the token argument is not specified, it will be read from stdin.
+       The token will be read from stdin.
 
        The API token for crates.io may be retrieved from
        <https://crates.io/me>.

src/doc/src/commands/cargo-login.md

@@ -6,7 +6,7 @@ cargo-login --- Log in to a registry
 
 ## SYNOPSIS
 
-`cargo login` [_options_] [_token_] [`--` _args_]
+`cargo login` [_options_] [`--` _args_]
 
 ## DESCRIPTION
 
@@ -24,7 +24,7 @@ If a registry has a credential-provider specified, it will be used. Otherwise,
 the providers from the config value `registry.global-credential-providers` will
 be attempted, starting from the end of the list.
 
-If the _token_ argument is not specified, it will be read from stdin.
+The _token_ will be read from stdin.
 
 The API token for crates.io may be retrieved from <https://crates.io/me>.
 

src/etc/man/cargo-login.1

@@ -6,7 +6,7 @@
 .SH "NAME"
 cargo\-login \[em] Log in to a registry
 .SH "SYNOPSIS"
-\fBcargo login\fR [\fIoptions\fR] [\fItoken\fR] [\fB\-\-\fR \fIargs\fR]
+\fBcargo login\fR [\fIoptions\fR] [\fB\-\-\fR \fIargs\fR]
 .SH "DESCRIPTION"
 This command will run a credential provider to save a token so that commands
 that require authentication, such as \fBcargo\-publish\fR(1), will be
@@ -22,7 +22,7 @@ If a registry has a credential\-provider specified, it will be used. Otherwise,
 the providers from the config value \fBregistry.global\-credential\-providers\fR will
 be attempted, starting from the end of the list.
 .sp
-If the \fItoken\fR argument is not specified, it will be read from stdin.
+The \fItoken\fR will be read from stdin.
 .sp
 The API token for crates.io may be retrieved from <https://crates.io/me>\&.
 .sp