github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-27 20:07:29 -05:00
Code Issues 2.4k Packages Projects Releases 129 Wiki Activity

[GH-ISSUE #20647] feat: Improve User Feedback When Admin-Created Password Does Not Meet Policy Requirements #138973

New Issue
Closed
opened 2026-05-25 12:00:20 -05:00 by GiteaMirror · 7 comments
GiteaMirror commented 2026-05-25 12:00:20 -05:00
Owner
Copy Link

Originally created by @joaoback on GitHub (Jan 13, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20647

Originally assigned to: @Classic298 on GitHub.

Check Existing Issues

  • I have searched for all existing open AND closed issues and discussions for similar requests. I have found none that is comparable to my request.

Verify Feature Scope

  • I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions.

Problem Description

🚨 Improve User Feedback When Admin-Created Password Does Not Meet Policy Requirements

Description

When an administrator creates a new user in Open WebUI and sets an initial password that does not meet the configured minimum password requirements, the system currently returns only a generic error message.

This behavior makes it difficult for administrators to understand:

  • Why the user creation failed
  • Which password requirement(s) were not met
  • How to correct the issue without trial and error

Current Behavior

  • Admin attempts to create a new user
  • Password does not comply with configured password policy (e.g., length, complexity, etc.)
  • UI returns a generic error message, without any actionable feedback

Desired Solution you'd like

Expected Behavior

When the password provided by the administrator does not meet the configured policy, the UI should:

  • Display a clear and specific validation error

  • Indicate which requirement(s) failed (e.g.:

    • Minimum length
    • Uppercase/lowercase requirement
    • Numeric or special character requirement
      )

  • Ideally, show the password policy rules or a summarized hint near the password field

Why This Matters

  • Improves admin experience and usability
  • Reduces confusion and repeated failed attempts
  • Aligns with security best practices by guiding correct password creation
  • Prevents unnecessary support/debugging efforts

Suggested Improvements (Optional)

  • Frontend-side validation aligned with backend password policy
  • Structured error messages returned by the API (e.g. PASSWORD_TOO_SHORT, PASSWORD_POLICY_VIOLATION)
  • Inline helper text or tooltip showing password requirements

Environment

  • Open WebUI version: current stable
  • User creation method: Admin UI
  • Authentication: Local user management

Additional Context

This issue becomes more relevant in environments where custom or stricter password policies are configured, as the lack of feedback significantly impacts administrative workflows.

Alternatives Considered

No response

Additional Context

No response

Originally created by @joaoback on GitHub (Jan 13, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/20647 Originally assigned to: @Classic298 on GitHub. ### Check Existing Issues - [x] I have searched for all existing **open AND closed** issues and discussions for similar requests. I have found none that is comparable to my request. ### Verify Feature Scope - [x] I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions. ### Problem Description ## 🚨 Improve User Feedback When Admin-Created Password Does Not Meet Policy Requirements ### **Description** When an administrator creates a new user in **Open WebUI** and sets an initial password that does not meet the configured minimum password requirements, the system currently returns only a **generic error message**. This behavior makes it difficult for administrators to understand: * **Why** the user creation failed * **Which password requirement(s)** were not met * **How to correct the issue** without trial and error ### **Current Behavior** * Admin attempts to create a new user * Password does not comply with configured password policy (e.g., length, complexity, etc.) * UI returns a **generic error message**, without any actionable feedback ### Desired Solution you'd like ### **Expected Behavior** When the password provided by the administrator does not meet the configured policy, the UI should: * Display a **clear and specific validation error** * Indicate **which requirement(s)** failed (e.g.: * Minimum length * Uppercase/lowercase requirement * Numeric or special character requirement ) * Ideally, show the **password policy rules** or a summarized hint near the password field ### **Why This Matters** * Improves **admin experience and usability** * Reduces confusion and repeated failed attempts * Aligns with security best practices by **guiding correct password creation** * Prevents unnecessary support/debugging efforts ### **Suggested Improvements (Optional)** * Frontend-side validation aligned with backend password policy * Structured error messages returned by the API (e.g. `PASSWORD_TOO_SHORT`, `PASSWORD_POLICY_VIOLATION`) * Inline helper text or tooltip showing password requirements ### **Environment** * Open WebUI version: *current stable* * User creation method: **Admin UI** * Authentication: Local user management ### **Additional Context** This issue becomes more relevant in environments where **custom or stricter password policies** are configured, as the lack of feedback significantly impacts administrative workflows. ### Alternatives Considered _No response_ ### Additional Context _No response_
GiteaMirror commented 2026-05-25 12:00:22 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Jan 13, 2026):

hm not sure HOW that is possible since it's a regex that configures it. let me investigate

<!-- gh-comment-id:3745871429 --> @Classic298 commented on GitHub (Jan 13, 2026): hm not sure HOW that is possible since it's a regex that configures it. let me investigate
GiteaMirror commented 2026-05-25 12:00:25 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Jan 13, 2026):

https://github.com/open-webui/open-webui/pull/20650

i guess this is the best you can do

<!-- gh-comment-id:3746231838 --> @Classic298 commented on GitHub (Jan 13, 2026): https://github.com/open-webui/open-webui/pull/20650 i guess this is the best you can do
GiteaMirror commented 2026-05-25 12:00:26 -05:00
Author
Owner
Copy Link

@Steve-Li-1998 commented on GitHub (Jan 16, 2026):

I guess I meet the same problem, but not only the admin generated password but also self generated password. I set a strong password successfully but when I try to login again the system prompts that I type a wrong email address or password

<!-- gh-comment-id:3760707501 --> @Steve-Li-1998 commented on GitHub (Jan 16, 2026): I guess I meet the same problem, but not only the admin generated password but also self generated password. I set a strong password successfully but when I try to login again the system prompts that I type a wrong email address or password
GiteaMirror commented 2026-05-25 12:00:27 -05:00
Author
Owner
Copy Link

@Steve-Li-1998 commented on GitHub (Jan 16, 2026):

It seems that in current version the password cannot longer than 8 digit, but last version there are no such limits. I don't know whether it's a bug or a feature.

<!-- gh-comment-id:3760749399 --> @Steve-Li-1998 commented on GitHub (Jan 16, 2026): It seems that in current version the password cannot longer than 8 digit, but last version there are no such limits. I don't know whether it's a bug or a feature.
GiteaMirror commented 2026-05-25 12:00:28 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Jan 16, 2026):

passwords cannot be longer than ~72 chars

<!-- gh-comment-id:3760813946 --> @Classic298 commented on GitHub (Jan 16, 2026): passwords cannot be longer than ~72 chars
GiteaMirror commented 2026-05-25 12:00:29 -05:00
Author
Owner
Copy Link

@Steve-Li-1998 commented on GitHub (Jan 16, 2026):

In the end, I found that the problem might be that the login page isn’t very compatible with the password manager’s auto-fill feature. Once the password is auto-filled, it shows a “wrong password” message, and even if I manually clear it and re-enter it, it still doesn’t work. I have to refresh the page and then manually input the email and password for it to succeed.

<!-- gh-comment-id:3761296635 --> @Steve-Li-1998 commented on GitHub (Jan 16, 2026): In the end, I found that the problem might be that the login page isn’t very compatible with the password manager’s auto-fill feature. Once the password is auto-filled, it shows a “wrong password” message, and even if I manually clear it and re-enter it, it still doesn’t work. I have to refresh the page and then manually input the email and password for it to succeed.
GiteaMirror commented 2026-05-25 12:00:29 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Jan 19, 2026):

https://github.com/open-webui/open-webui/pull/20650

<!-- gh-comment-id:3767467868 --> @Classic298 commented on GitHub (Jan 19, 2026): https://github.com/open-webui/open-webui/pull/20650
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#138973
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?