diff --git a/controller/user.go b/controller/user.go
index dafb6609..c174c798 100644
--- a/controller/user.go
+++ b/controller/user.go
@@ -782,12 +782,14 @@ func DeleteUser(c *gin.Context) {
 	}
 	err = model.HardDeleteUserById(id)
 	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "",
-		})
+		common.ApiError(c, err)
 		return
 	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+	})
+	return
 }
 
 func DeleteSelf(c *gin.Context) {
diff --git a/web/default/src/features/users/components/users-mutate-drawer.tsx b/web/default/src/features/users/components/users-mutate-drawer.tsx
index 427da8b6..3d3c2a4b 100644
--- a/web/default/src/features/users/components/users-mutate-drawer.tsx
+++ b/web/default/src/features/users/components/users-mutate-drawer.tsx
@@ -121,6 +121,17 @@ export function UsersMutateDrawer({
   const currentQuotaRaw = form.watch('quota_dollars') || 0
 
   const onSubmit = async (data: UserFormValues) => {
+    if (!isUpdate) {
+      const passwordLength = data.password?.length || 0
+      if (passwordLength < 8 || passwordLength > 20) {
+        form.setError('password', {
+          type: 'manual',
+          message: t('Password must be between 8 and 20 characters'),
+        })
+        return
+      }
+    }
+
     setIsSubmitting(true)
     try {
       const payload = transformFormDataToPayload(data, currentRow?.id)