From 73ecdd5494c05bfe6b03b171219effb3d7cb55b8 Mon Sep 17 00:00:00 2001
From: kurokobo
Date: Wed, 29 Apr 2026 15:28:21 +0900
Subject: [PATCH] fix: ensure generated password satisfies the password policy (#35672)
---
 api/commands/account.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/api/commands/account.py b/api/commands/account.py
index 761323a73d..0d99ce7a0f 100644
--- a/api/commands/account.py
+++ b/api/commands/account.py
@@ -113,8 +113,18 @@ def create_tenant(email: str, language: str | None = None, name: str | None = No
 # Validates name encoding for non-Latin characters.
 name = name.strip().encode("utf-8").decode("utf-8") if name else None
- # generate random password
- new_password = secrets.token_urlsafe(16)
+ # Generate a random password that satisfies the password policy.
+ # The iteration limit guards against infinite loops caused by unexpected bugs in valid_password.
+ for _ in range(100):
+ new_password = secrets.token_urlsafe(16)
+ try:
+ valid_password(new_password)
+ break
+ except Exception:
+ continue
+ else:
+ click.echo(click.style("Failed to generate a valid password. Please try again.", fg="red"))
+ return
 # register account
 account = RegisterService.register(
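Review bot: The `except Exception:` in the new retry loop of create_tenant treats every failure of valid_password as a policy rejection, so an unrelated error (a TypeError, a broken validator) is retried 100 times and then reported only as "Failed to generate a valid password. Please try again.", which hides the cause from the operator. If valid_password signals a policy violation with a specific exception type (its definition is not visible in this hunk; `ValueError` is an assumption to confirm), catch only that with `except ValueError:` and let anything else propagate. The `else:` branch also returns normally after `click.echo`, so a script driving this command may not see the failure in the exit status; `raise click.ClickException("Failed to generate a valid password.")` there would make it visible. create_tenant starts before and continues after this hunk.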