[GH-ISSUE #1289] [BUG]: An admin password containing `, ' or # does not work #809

Closed
opened 2026-02-22 18:21:29 -05:00 by yindo · 5 comments
Owner

Originally created by @Propheticus on GitHub (May 5, 2024).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/1289

Originally assigned to: @timothycarambat on GitHub.

How are you running AnythingLLM?

Docker (local)

What happened?

I had used a pre-generated password from keepass that contained a ` e.g. H$byw&52nb`7
Upon restart the password was not recognised until I tried H$byw&52nb

Are there known steps to reproduce?

  • Do first time setup Docker image version of AnythingLLM
  • Choose an admin password containing a `
  • Log out, close browser tab, stop docker container
  • Start docker container and try to log in again using the saved password
  • Failure to validate credentials
Originally created by @Propheticus on GitHub (May 5, 2024). Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/1289 Originally assigned to: @timothycarambat on GitHub. ### How are you running AnythingLLM? Docker (local) ### What happened? I had used a pre-generated password from keepass that contained a `` ` `` e.g. ``H$byw&52nb`7`` Upon restart the password was not recognised until I tried `H$byw&52nb` ### Are there known steps to reproduce? - Do first time setup Docker image version of AnythingLLM - Choose an admin password containing a `` ` `` - Log out, close browser tab, stop docker container - Start docker container and try to log in again using the saved password - Failure to validate credentials
yindo added the bugDocker labels 2026-02-22 18:21:29 -05:00
yindo closed this issue 2026-02-22 18:21:29 -05:00
Author
Owner

@timothycarambat commented on GitHub (May 5, 2024):

When you use that exact password via the UI, it is escaped and works fine (both as a user pass and single-password set up).
We cannot police the arbitrary values put into the .env :/

@timothycarambat commented on GitHub (May 5, 2024): When you use that exact password via the UI, it is escaped and works fine (both as a user pass and single-password set up). We cannot police the arbitrary values put into the .env :/
Author
Owner

@Propheticus commented on GitHub (May 6, 2024):

Fyi, I did not touch the .env file
The password was recognized during the first run, but wasn't after stopping the container and starting a new. It was only recognised after I removed the last two digits.

@Propheticus commented on GitHub (May 6, 2024): Fyi, I did not touch the .env file The password was recognized during the first run, but wasn't after stopping the container and starting a new. It was only recognised after I removed the last two digits.
Author
Owner

@Propheticus commented on GitHub (May 6, 2024):

When altering the password which contains either a ' (single quote), # or ` (backtick), this happens in the .env:
image
The AUTH_TOKEN value is cut off after that quote/tick. While the container is still running logging in with the complete password works.
However, after stopping and starting the container, you must log in using fe instead of the whole password otherwise:
image

@Propheticus commented on GitHub (May 6, 2024): When altering the password which contains either a `'` (single quote), `#` or `` ` `` (backtick), this happens in the .env: ![image](https://github.com/Mintplex-Labs/anything-llm/assets/6628064/22bc8821-c565-4798-8831-c7b2cf4a0473) The AUTH_TOKEN value is cut off after that quote/tick. While the container is still running logging in with the complete password works. However, after stopping and starting the container, you must log in using `fe` instead of the whole password otherwise: ![image](https://github.com/Mintplex-Labs/anything-llm/assets/6628064/5b0cc676-a8e2-4efb-9e28-809a787d2213)
Author
Owner

@Propheticus commented on GitHub (May 10, 2024):

@timothycarambat small reminder, this closed issue might need some attention. At least when you say "We cannot police the arbitrary values put into the .env" it sounds like you think I manually altered the .env file, which was not the case.
Or do you mean you cannot police what A-LLM / Docker puts in the .env?

@Propheticus commented on GitHub (May 10, 2024): @timothycarambat small reminder, this closed issue might need some attention. At least when you say "We cannot police the arbitrary values put into the .env" it sounds like you think I manually altered the .env file, which was not the case. Or do you mean you cannot police what A-LLM / Docker puts in the .env?
Author
Owner

@timothycarambat commented on GitHub (May 10, 2024):

I realize now this is because of the writing to the ENV and \`` and #` are special values

@timothycarambat commented on GitHub (May 10, 2024): I realize now this is because of the _writing_ to the ENV and `\`` and `#` are special values
yindo changed title from [BUG]: An admin password containing `, ' or # does not work to [GH-ISSUE #1289] [BUG]: An admin password containing `, ' or # does not work 2026-06-05 14:37:19 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#809