dev-deploy: default BACKEND_AUTH_DEV_FIXED_CODE to 123456
The long-lived dev environment now opts into the bcrypt-bypass on a fresh `up`/`rebuild` so a returning developer can sign in with `123456` even after the matching browser session was cleared (the real emailed code is single-use). Set the variable to an empty string in `.env` to force real Mailpit codes (mail-flow QA). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Ilia Denisov
@@ -91,14 +91,16 @@ calls `make clean-data`.
|
||||
|
||||
## Logging in
|
||||
|
||||
The same dev-mode email-code override as `tools/local-dev/` applies:
|
||||
The same dev-mode email-code override as `tools/local-dev/` applies,
|
||||
and the dev-deploy compose ships with it enabled by default:
|
||||
|
||||
1. Enter `dev@galaxy.lan` (or whatever `BACKEND_DEV_SANDBOX_EMAIL`
|
||||
resolves to) in the login form.
|
||||
2. Submit `123456` as the code if `BACKEND_AUTH_DEV_FIXED_CODE` is
|
||||
non-empty. Otherwise open Mailpit at
|
||||
`http://galaxy-mailpit:8025/` from inside the network or proxy it
|
||||
through the host Caddy when needed.
|
||||
2. Submit `123456` as the code — the docker-compose default for
|
||||
`BACKEND_AUTH_DEV_FIXED_CODE` is `123456`, so the bcrypt-hashed
|
||||
email code stays a fallback. To force real Mailpit codes (e.g. for
|
||||
mail-flow QA), set `BACKEND_AUTH_DEV_FIXED_CODE=` (empty) in a
|
||||
local `.env` and `make rebuild`.
|
||||
|
||||
The fixed-code override is rejected by production env loaders, so it
|
||||
cannot leak into the prod environment.
|
||||
|
||||
Reference in New Issue
Block a user