From ed988b5b509eefcc8982ad60b9135589aaae0f2d Mon Sep 17 00:00:00 2001
From: "pensarapp[bot]" <182705637+pensarapp[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 16:52:29 +0000
Subject: [PATCH] Fix security issue: Hard-coded JWT Secret Key in Authentication Backend (CWE-798)

---
 cognee/modules/users/authentication/get_auth_backend.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cognee/modules/users/authentication/get_auth_backend.py b/cognee/modules/users/authentication/get_auth_backend.py
index b0041c081..21b1744a0 100644
--- a/cognee/modules/users/authentication/get_auth_backend.py
+++ b/cognee/modules/users/authentication/get_auth_backend.py
@@ -29,7 +29,11 @@ def get_auth_backend():
     bearer_transport = BearerTransport(tokenUrl="api/v1/auth/login")
 
     def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]:
-        secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
+        secret = os.getenv("FASTAPI_USERS_JWT_SECRET")
+        if not secret:
+            raise RuntimeError(
+                "FASTAPI_USERS_JWT_SECRET environment variable must be set and non-empty for JWT authentication."
+            )
         return CustomJWTStrategy(secret, lifetime_seconds=3600)
 
     auth_backend = AuthenticationBackend(
@@ -38,4 +42,4 @@ def get_auth_backend():
         get_strategy=get_jwt_strategy,
     )
 
-    return auth_backend
+    return auth_backend
\ No newline at end of file
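Review bot: The missing-secret check sits inside `get_jwt_strategy`, which is only executed when a strategy is built — that callable is passed as `get_strategy`, so in fastapi-users it presumably runs per request — meaning a deployment without `FASTAPI_USERS_JWT_SECRET` starts cleanly and fails only on the first login or token check instead of at startup. Hoist the `os.getenv` read and the `RuntimeError` into the body of `get_auth_backend()` (whose `def` line lies above this hunk), before the inner function is defined, and let `get_jwt_strategy` close over `secret` so its body is just `return CustomJWTStrategy(secret, lifetime_seconds=3600)`. The `if not secret` test also accepts a one-character value; if `CustomJWTStrategy` signs with an HMAC algorithm (not visible here), a minimum-length guard such as `if len(secret) < 32:` raising the same `RuntimeError` preserves the fail-closed intent against trivially weak keys. The `\ No newline at end of file` marker on the second hunk shows the file's final newline was dropped by this change; restoring it keeps formatters and future diffs quiet.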