From b559c91da1fc0c5c2d834717921cd24b4a2f37bb Mon Sep 17 00:00:00 2001
From: "pensarapp[bot]" <182705637+pensarapp[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 16:52:07 +0000
Subject: [PATCH] Fix security issue: Hardcoded JWT Secret Fallback in Authentication System (CWE-798)

---
 cognee/modules/users/methods/get_authenticated_user.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cognee/modules/users/methods/get_authenticated_user.py b/cognee/modules/users/methods/get_authenticated_user.py
index 54d071b52..e8e8fbbfc 100644
--- a/cognee/modules/users/methods/get_authenticated_user.py
+++ b/cognee/modules/users/methods/get_authenticated_user.py
@@ -28,8 +28,13 @@ async def get_authenticated_user(
     token = creds.credentials
 
     try:
+        secret = os.getenv("FASTAPI_USERS_JWT_SECRET")
+        if not secret:
+            raise HTTPException(
+                status_code=500, detail="JWT secret key is not configured on the server"
+            )
         payload = jwt.decode(
-            token, os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret"), algorithms=["HS256"]
+            token, secret, algorithms=["HS256"]
         )
 
         auth_data = SimpleNamespace(id=UUID(payload["user_id"]))
@@ -38,4 +43,4 @@ async def get_authenticated_user(
     except jwt.ExpiredSignatureError:
         raise HTTPException(status_code=401, detail="Token has expired")
     except jwt.InvalidTokenError:
-        raise HTTPException(status_code=401, detail="Invalid token")
+        raise HTTPException(status_code=401, detail="Invalid token")
\ No newline at end of file
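Review bot: The new missing-secret check is raised from inside the `try:` block, so its outcome depends on the except clauses of that block, and the two old lines between this hunk and the next (old 36-37) are not visible here; if any handler broader than `jwt.ExpiredSignatureError` / `jwt.InvalidTokenError` exists there, the 500 would be rewritten as a token error and the misconfiguration hidden. Moving the lookup and guard above `try:` keeps the configuration failure on its own path regardless of the token handlers: `secret = os.getenv("FASTAPI_USERS_JWT_SECRET")` followed by `if not secret:` and `raise HTTPException(status_code=500, detail="Server authentication is not configured")`, then `try:` with only the `jwt.decode` call inside. The current `detail` text also tells an unauthenticated caller which server setting is absent; logging the specific cause server-side and returning the generic message above is the usual split, and validating this setting once at application startup would surface the problem before the first request rather than on every call. `get_authenticated_user` starts and ends outside the hunk.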