Fix security issue: Hardcoded JWT Secret in Authentication System (CWE-798)

pensarapp[bot] 2025-05-22 08:47:15 +00:00 committed by GitHub
parent b1b4ae3d5f
commit bbffdc6af2


@ -17,8 +17,15 @@ async def get_authenticated_user(authorization: str = Header(...)) -> SimpleName
if scheme.lower() != "bearer":
raise HTTPException(status_code=401, detail="Invalid authentication scheme")
jwt_secret = os.getenv("FASTAPI_USERS_JWT_SECRET")
if not jwt_secret:
raise HTTPException(
status_code=500,
detail="JWT secret missing: FASTAPI_USERS_JWT_SECRET environment variable not set"
)
payload = jwt.decode(
token, os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret"), algorithms=["HS256"]
token, jwt_secret, algorithms=["HS256"]
)
if payload["tenant_id"]:
@ -38,4 +45,4 @@ async def get_authenticated_user(authorization: str = Header(...)) -> SimpleName
except jwt.ExpiredSignatureError:
raise HTTPException(status_code=401, detail="Token has expired")
except jwt.InvalidTokenError:
raise HTTPException(status_code=401, detail="Invalid token")
raise HTTPException(status_code=401, detail="Invalid token")
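Review bot: The new 500 response at the top of the first hunk sends the name of the server-side configuration variable to the caller in `detail`, which turns an internal misconfiguration into information an unauthenticated client can read; keep the specifics in a server log and return a generic body, e.g. `logger.error("FASTAPI_USERS_JWT_SECRET is not set")` followed by `raise HTTPException(status_code=500, detail="Authentication is not configured")`. Reading the secret on every request also means a missing variable is only discovered when the first token arrives; resolving it once at import or application startup would fail fast and keep the per-request path to `jwt.decode(token, jwt_secret, algorithms=["HS256"])`. The body of `get_authenticated_user` starts before this hunk and the lines between the two hunks are not visible here, so whether the new check sits inside the `try` that the second hunk's `except` clauses close cannot be confirmed from this view; if it does, an HTTPException raised there will pass through those handlers unchanged, which is the intended behaviour but worth a one-line comment.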