mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 23:21:44 -05:00
[PR #12481] [MERGED] fix: Improve auth error messages #77801
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/12481
Author: @gaby
Created: 4/5/2025
Status: ✅ Merged
Merged: 4/5/2025
Merged by: @tjbck
Base:
dev← Head:generic-errors📝 Commits (2)
b4277c7Make auth error messages generic3245504Fix formatting issues📊 Changes
2 files changed (+28 additions, -14 deletions)
View changed files
📝
backend/open_webui/retrieval/utils.py(+6 -1)📝
backend/open_webui/routers/auths.py(+22 -13)📄 Description
Description
This pull request updates the error handling logic across various authentication endpoints to prevent sensitive internal details from being exposed to end users. Previously, detailed error messages (such as TLS configuration issues, LDAP authentication errors, and signup failures) were passed directly in HTTP responses, potentially revealing internal system details that could aid an attacker.
Generic Error Responses:
Enhanced Logging:
These changes help to mitigate the risk of information disclosure through error messages, aligning the project with best practices for secure error management and overall system security.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.