github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 02:48:13 -05:00
Code Issues 1.1k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #10387] DATABASE_URL cannot contain @ sign in username #15876

New Issue
Closed
opened 2026-04-19 21:57:45 -05:00 by GiteaMirror · 3 comments
GiteaMirror commented 2026-04-19 21:57:45 -05:00
Owner
Copy Link

Originally created by @bassettb on GitHub (Feb 19, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/10387

Bug Report

Installation Method

kubernetes deployment

Environment

  • Open WebUI Version: v0.5.14

  • Operating System: linux

Confirmation:

  • [*] I have read and followed all the instructions provided in the README.md.
  • [*] I am on the latest version of both Open WebUI and Ollama.
  • [*] I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

Expected Behavior:

When specifying an external database using the DATABASE_URL, the username might contain an @ sign, just like the password might contain special characters. The @ sign is stored as %40 in the DATABASE_URL value. OpenWebUI should properly decode this URL and turn %40 back into @ before sending the username to the database.

I know the lack of password in my example might cause confusion. But this is completely normal in a Cloud environment.
Access is defined in Terraform and controlled using IAM service accounts which contain @ signs. GCP's CloudSQL supports adding the service account as a database user where no password is necessary. We use this extensively in our cloud projects. It's clear from the code that the password (or lack of) is unrelated.

Example of a URL using a GCP service account username:
"postgresql://open-webui-svc%40myproject.iam@localhost/owui_gen"

Actual Behavior:

The username is not properly parsed by the peewee library. The escaped username (open-webui-svc%40myproject.iam) is sent to postgres and postgres returns an error mentioning the escaped username:

Failed to initialize the database connection: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "open-webui-svc%40myproject.iam"

Description

Bug Summary:
A Database URL might contain escaped (URL-encoded) characters in the username. Open-WebUI should decode these correctly.

Reproduction Details

Steps to Reproduce:
Set up a postgres database.
Create a user with an @ sign in the name.
Set DATABASE_URL to point to your database with the username properly encoded.

Additional Information

Offending line of code is here. They call an unquote function on the password, but not the username.
https://github.com/coleifer/peewee/blob/master/playhouse/db_url.py#L50

One possible solution is what is being requested in Issue #3179.

Originally created by @bassettb on GitHub (Feb 19, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/10387 # Bug Report ## Installation Method kubernetes deployment ## Environment - **Open WebUI Version:** v0.5.14 - **Operating System:** linux **Confirmation:** - [*] I have read and followed all the instructions provided in the README.md. - [*] I am on the latest version of both Open WebUI and Ollama. - [*] I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below. ## Expected Behavior: When specifying an external database using the DATABASE_URL, the username might contain an @ sign, just like the password might contain special characters. The @ sign is stored as %40 in the DATABASE_URL value. OpenWebUI should properly decode this URL and turn %40 back into @ before sending the username to the database. I know the lack of password in my example might cause confusion. But this is completely normal in a Cloud environment. Access is defined in Terraform and controlled using IAM service accounts which contain @ signs. GCP's CloudSQL supports adding the service account as a database user where no password is necessary. We use this extensively in our cloud projects. It's clear from the code that the password (or lack of) is unrelated. Example of a URL using a GCP service account username: `"postgresql://open-webui-svc%40myproject.iam@localhost/owui_gen"` ## Actual Behavior: The username is not properly parsed by the peewee library. The escaped username (open-webui-svc%40myproject.iam) is sent to postgres and postgres returns an error mentioning the escaped username: `Failed to initialize the database connection: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "open-webui-svc%40myproject.iam"` ## Description **Bug Summary:** A Database URL might contain escaped (URL-encoded) characters in the username. Open-WebUI should decode these correctly. ## Reproduction Details **Steps to Reproduce:** Set up a postgres database. Create a user with an @ sign in the name. Set DATABASE_URL to point to your database with the username properly encoded. ## Additional Information Offending line of code is here. They call an `unquote` function on the password, but not the username. https://github.com/coleifer/peewee/blob/master/playhouse/db_url.py#L50 One possible solution is what is being requested in Issue #3179.
GiteaMirror commented 2026-04-19 21:57:46 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Feb 19, 2025):

PR Welcome!

<!-- gh-comment-id:2669767234 --> @tjbck commented on GitHub (Feb 19, 2025): PR Welcome!
GiteaMirror commented 2026-04-19 21:57:47 -05:00
Author
Owner
Copy Link

@bassettb commented on GitHub (Feb 20, 2025):

I'm adding the code to peewee
https://github.com/coleifer/peewee/pulls

<!-- gh-comment-id:2672365871 --> @bassettb commented on GitHub (Feb 20, 2025): I'm adding the code to peewee https://github.com/coleifer/peewee/pulls
GiteaMirror commented 2026-04-19 21:57:47 -05:00
Author
Owner
Copy Link

@bassettb commented on GitHub (Feb 27, 2025):

Code was added to peewee. Just waiting for the maintainer to do a release.
I have an open-webui branch ready.

<!-- gh-comment-id:2688457854 --> @bassettb commented on GitHub (Feb 27, 2025): Code was added to peewee. Just waiting for the maintainer to do a release. I have an open-webui branch ready.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#15876
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?