MailHog/docs/Auth.md

44 lines
1.1 KiB
Markdown
Raw Normal View History

Authentication
==============
HTTP basic authentication is supported using a password file.
2015-05-27 17:11:31 +00:00
See [example-auth](example-auth) for an example (the password is `test`).
Authentication applies to all HTTP requests, including static content
and API endpoints.
### Password file format
The password file format is:
* One user per line
* `username:password`
* Password is bcrypted
By default, a bcrypt difficulty of 4 is used to reduce page load times.
### Generating a bcrypted password
You can use a MailHog shortcut to generate a bcrypted password:
2015-05-27 17:12:13 +00:00
MailHog bcrypt <password>
### Enabling HTTP authentication
To enable authentication, pass an `-auth-file` flag to MailHog:
2015-05-27 17:12:13 +00:00
MailHog -auth-file=docs/example-auth
This also works if you're running MailHog-UI and MailHog-Server separately:
2015-05-27 17:12:13 +00:00
MailHog-Server -auth-file=docs/example-auth
MailHog-UI -auth-file=docs/example-auth
## Future compatibility
Authentication has been a bit of an experiment.
The exact implementation may change over time, e.g. using sessions in the UI
and tokens for the API to avoid frequently bcrypting passwords.