From 38bf0b6eec16879bd962c89edcd142c93758ee3b Mon Sep 17 00:00:00 2001
From: Classic298 <27028174+Classic298@users.noreply.github.com>
Date: Mon, 19 Jan 2026 11:00:48 +0100
Subject: [PATCH] feat: Add new ENV VAR for custom error message on error on
 signup / password change due to password not meeting requirements (#20650)

* add env var for custom auth pw message

* Update auth.py

* Update auth.py
---
 backend/open_webui/env.py           | 2 ++
 backend/open_webui/routers/auths.py | 4 ++++
 backend/open_webui/utils/auth.py    | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/backend/open_webui/env.py b/backend/open_webui/env.py
index aeba69b480..0bbe1b89c4 100644
--- a/backend/open_webui/env.py
+++ b/backend/open_webui/env.py
@@ -455,6 +455,8 @@ except Exception as e:
         r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\w\s]).{8,}$"
     )
 
+PASSWORD_VALIDATION_HINT = os.environ.get("PASSWORD_VALIDATION_HINT", "")
+
 
 BYPASS_MODEL_ACCESS_CONTROL = (
     os.environ.get("BYPASS_MODEL_ACCESS_CONTROL", "False").lower() == "true"
diff --git a/backend/open_webui/routers/auths.py b/backend/open_webui/routers/auths.py
index 30d4ebe4cc..b1e5bdc8ab 100644
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -813,6 +813,8 @@ async def signup(
             }
         else:
             raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
+    except HTTPException:
+        raise
     except Exception as err:
         log.error(f"Signup error: {str(err)}")
         raise HTTPException(500, detail="An internal error occurred during signup.")
@@ -954,6 +956,8 @@ async def add_user(
             }
         else:
             raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
+    except HTTPException:
+        raise
     except Exception as err:
         log.error(f"Add user error: {str(err)}")
         raise HTTPException(
diff --git a/backend/open_webui/utils/auth.py b/backend/open_webui/utils/auth.py
index c1f6910ddb..ef09a6004d 100644
--- a/backend/open_webui/utils/auth.py
+++ b/backend/open_webui/utils/auth.py
@@ -33,6 +33,7 @@ from open_webui.env import (
     ENABLE_PASSWORD_VALIDATION,
     OFFLINE_MODE,
     LICENSE_BLOB,
+    PASSWORD_VALIDATION_HINT,
     PASSWORD_VALIDATION_REGEX_PATTERN,
     REDIS_KEY_PREFIX,
     pk,
@@ -173,7 +174,7 @@ def validate_password(password: str) -> bool:
 
     if ENABLE_PASSWORD_VALIDATION:
         if not PASSWORD_VALIDATION_REGEX_PATTERN.match(password):
-            raise Exception(ERROR_MESSAGES.INVALID_PASSWORD())
+            raise Exception(ERROR_MESSAGES.INVALID_PASSWORD(PASSWORD_VALIDATION_HINT))
 
     return True