Cargo by default saves credentials to .cargo/credentials.toml

crates/cargo-test-support/src/registry.rs

@@ -320,7 +320,7 @@ impl RegistryBuilder {
         }
 
         if self.configure_token {
-            let credentials = paths::home().join(".cargo/credentials");
+            let credentials = paths::home().join(".cargo/credentials.toml");
             match &registry.token {
                 Token::Plaintext(token) => {
                     if let Some(alternative) = &self.alternative {

src/cargo/util/config/mod.rs

@@ -2134,16 +2134,16 @@ pub fn save_credentials(
         Some(name)
     };
 
-    // If 'credentials.toml' exists, we should write to that, otherwise
-    // use the legacy 'credentials'. There's no need to print the warning
-    // here, because it would already be printed at load time.
+    // If 'credentials' exists, write to that for backward compatibility reasons.
+    // Otherwise write to 'credentials.toml'. There's no need to print the
+    // warning here, because it would already be printed at load time.
     let home_path = cfg.home_path.clone().into_path_unlocked();
     let filename = match cfg.get_file_path(&home_path, "credentials", false)? {
         Some(path) => match path.file_name() {
             Some(filename) => Path::new(filename).to_owned(),
-            None => Path::new("credentials").to_owned(),
+            None => Path::new("credentials.toml").to_owned(),
         },
-        None => Path::new("credentials").to_owned(),
+        None => Path::new("credentials.toml").to_owned(),
     };
 
     let mut file = {

src/doc/src/reference/unstable.md

@@ -912,7 +912,7 @@ a new `cargo logout` command.
 
 To use this feature, you must pass the `-Z credential-process` flag on the
 command-line. Additionally, you must remove any current tokens currently saved
-in the [`credentials` file] (which can be done with the new `logout` command).
+in the [`credentials.toml` file] (which can be done with the new `logout` command).
 
 #### `credential-process` Configuration
 
@@ -1049,10 +1049,10 @@ The following environment variables will be provided to the executed command:
 #### `cargo logout`
 
 A new `cargo logout` command has been added to make it easier to remove a
-token from storage. This supports both [`credentials` file] tokens and
+token from storage. This supports both [`credentials.toml` file] tokens and
 `credential-process` tokens.
 
-When used with `credentials` file tokens, it needs the `-Z unstable-options`
+When used with `credentials.toml` file tokens, it needs the `-Z unstable-options`
 command-line option:
 
 ```console
@@ -1071,7 +1071,7 @@ cargo logout -Z credential-process
 [`cargo publish`]: ../commands/cargo-publish.md
 [`cargo owner`]: ../commands/cargo-owner.md
 [`cargo yank`]: ../commands/cargo-yank.md
-[`credentials` file]: config.md#credentials
+[`credentials.toml` file]: config.md#credentials
 [crates.io]: https://crates.io/
 [config file]: config.md
 

tests/testsuite/alt_registry.rs

@@ -399,7 +399,7 @@ fn block_publish_due_to_no_token() {
     registry::alt_init();
     let p = project().file("src/lib.rs", "").build();
 
-    fs::remove_file(paths::home().join(".cargo/credentials")).unwrap();
+    fs::remove_file(paths::home().join(".cargo/credentials.toml")).unwrap();
 
     // Now perform the actual publish
     p.cargo("publish --registry alternative")

tests/testsuite/build.rs

@@ -2893,7 +2893,7 @@ fn credentials_is_unreadable() {
         .file("src/lib.rs", "")
         .build();
 
-    let credentials = home().join(".cargo/credentials");
+    let credentials = home().join(".cargo/credentials.toml");
     t!(fs::create_dir_all(credentials.parent().unwrap()));
     t!(fs::write(
         &credentials,

tests/testsuite/login.rs

@@ -1,21 +1,23 @@
 //! Tests for the `cargo login` command.
 
 use cargo_test_support::cargo_process;
-use cargo_test_support::install::cargo_home;
 use cargo_test_support::paths::{self, CargoPathExt};
 use cargo_test_support::registry::{self, RegistryBuilder};
 use cargo_test_support::t;
-use std::fs::{self};
+use std::fs;
 use std::path::PathBuf;
 use toml_edit::easy as toml;
 
 const TOKEN: &str = "test-token";
 const TOKEN2: &str = "test-token2";
 const ORIGINAL_TOKEN: &str = "api-token";
 
+fn credentials_toml() -> PathBuf {
+    paths::home().join(".cargo/credentials.toml")
+}
+
 fn setup_new_credentials() {
-    let config = cargo_home().join("credentials");
-    setup_new_credentials_at(config);
+    setup_new_credentials_at(credentials_toml());
 }
 
 fn setup_new_credentials_at(config: PathBuf) {
@@ -27,7 +29,7 @@ fn setup_new_credentials_at(config: PathBuf) {
 }
 
 fn check_token(expected_token: &str, registry: Option<&str>) -> bool {
-    let credentials = cargo_home().join("credentials");
+    let credentials = credentials_toml();
     assert!(credentials.is_file());
 
     let contents = fs::read_to_string(&credentials).unwrap();
@@ -189,15 +191,15 @@ fn login_with_no_cargo_dir() {
     cargo_process("login foo -v")
         .replace_crates_io(registry.index_url())
         .run();
-    let credentials = fs::read_to_string(paths::home().join(".cargo/credentials")).unwrap();
+    let credentials = fs::read_to_string(credentials_toml()).unwrap();
     assert_eq!(credentials, "[registry]\ntoken = \"foo\"\n");
 }
 
 #[cargo_test]
 fn login_with_differently_sized_token() {
     // Verify that the configuration file gets properly truncated.
     let registry = registry::init();
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = credentials_toml();
     fs::remove_file(&credentials).unwrap();
     cargo_process("login lmaolmaolmao -v")
         .replace_crates_io(registry.index_url())
@@ -215,7 +217,7 @@ fn login_with_differently_sized_token() {
 #[cargo_test]
 fn login_with_token_on_stdin() {
     let registry = registry::init();
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = credentials_toml();
     fs::remove_file(&credentials).unwrap();
     cargo_process("login lmao -v")
         .replace_crates_io(registry.index_url())
@@ -232,7 +234,7 @@ fn login_with_token_on_stdin() {
 #[cargo_test]
 fn login_with_asymmetric_token_and_subject_on_stdin() {
     let registry = registry::init();
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = credentials_toml();
     fs::remove_file(&credentials).unwrap();
     cargo_process("login --key-subject=foo --secret-key -v -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
@@ -253,7 +255,7 @@ k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
 #[cargo_test]
 fn login_with_asymmetric_token_on_stdin() {
     let registry = registry::init();
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = credentials_toml();
     fs::remove_file(&credentials).unwrap();
     cargo_process("login --secret-key -v -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
@@ -272,7 +274,7 @@ k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
 #[cargo_test]
 fn login_with_asymmetric_key_subject_without_key() {
     let registry = registry::init();
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = credentials_toml();
     fs::remove_file(&credentials).unwrap();
     cargo_process("login --key-subject=foo -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])
@@ -307,7 +309,7 @@ k3.public.AmDwjlyf8jAV3gm5Z7Kz9xAOcsKslt_Vwp5v-emjFzBHLCtcANzTaVEghTNEMj9PkQ",
 #[cargo_test]
 fn login_with_generate_asymmetric_token() {
     let registry = registry::init();
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = credentials_toml();
     fs::remove_file(&credentials).unwrap();
     cargo_process("login --generate-keypair -Z registry-auth")
         .masquerade_as_nightly_cargo(&["registry-auth"])

tests/testsuite/logout.rs

@@ -24,7 +24,7 @@ the `cargo logout` command.
 
 /// Checks whether or not the token is set for the given token.
 fn check_config_token(registry: Option<&str>, should_be_set: bool) {
-    let credentials = cargo_home().join("credentials");
+    let credentials = cargo_home().join("credentials.toml");
     let contents = fs::read_to_string(&credentials).unwrap();
     let toml: toml::Value = contents.parse().unwrap();
     if let Some(registry) = registry {

tests/testsuite/publish.rs

@@ -231,7 +231,7 @@ fn old_token_location() {
         .file("src/main.rs", "fn main() {}")
         .build();
 
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = paths::home().join(".cargo/credentials.toml");
     fs::remove_file(&credentials).unwrap();
 
     // Verify can't publish without a token.
@@ -1614,8 +1614,9 @@ fn credentials_ambiguous_filename() {
     // `publish` generally requires a remote registry
     let registry = registry::RegistryBuilder::new().http_api().build();
 
+    // Make token in `credentials.toml` incorrect to ensure it is not read.
     let credentials_toml = paths::home().join(".cargo/credentials.toml");
-    fs::write(credentials_toml, r#"token = "api-token""#).unwrap();
+    fs::write(credentials_toml, r#"token = "wrong-token""#).unwrap();
 
     let p = project()
         .file(
@@ -1632,6 +1633,16 @@ fn credentials_ambiguous_filename() {
         .file("src/main.rs", "fn main() {}")
         .build();
 
+    p.cargo("publish --no-verify")
+        .replace_crates_io(registry.index_url())
+        .with_status(101)
+        .with_stderr_contains("[..]Unauthorized message from server[..]")
+        .run();
+
+    // Favor `credentials` if exists.
+    let credentials = paths::home().join(".cargo/credentials");
+    fs::write(credentials, r#"token = "sekrit""#).unwrap();
+
     p.cargo("publish --no-verify")
         .replace_crates_io(registry.index_url())
         .with_stderr(
@@ -1656,7 +1667,7 @@ fn index_requires_token() {
     // Use local registry for faster test times since no publish will occur
     let registry = registry::init();
 
-    let credentials = paths::home().join(".cargo/credentials");
+    let credentials = paths::home().join(".cargo/credentials.toml");
     fs::remove_file(&credentials).unwrap();
 
     let p = project()