diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py
index 34dab9b2..7ff645dc 100644
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@@ -23,6 +23,7 @@ from utils.utils import (
     get_password_hash,
     get_current_user,
     create_token,
+    verify_auth_token,
 )
 from utils.misc import get_gravatar_url
 from constants import ERROR_MESSAGES
@@ -35,7 +36,7 @@ router = APIRouter()
 ############################
 
 
-@router.get("/", response_model=UserResponse)
+@router.get("/", response_model=UserResponse, dependencies=[Depends(verify_auth_token)])
 async def get_session_user(user=Depends(get_current_user)):
     return {
         "id": user.id,
@@ -51,11 +52,12 @@ async def get_session_user(user=Depends(get_current_user)):
 ############################
 
 
-@router.post("/update/password", response_model=bool)
-async def update_password(form_data: UpdatePasswordForm, cred=Depends(bearer_scheme)):
-    token = cred.credentials
-    session_user = Users.get_user_by_token(token)
-
+@router.post(
+    "/update/password", response_model=bool, dependencies=[Depends(verify_auth_token)]
+)
+async def update_password(
+    form_data: UpdatePasswordForm, session_user=Depends(get_current_user)
+):
     if session_user:
         user = Auths.authenticate_user(session_user.email, form_data.password)
 
diff --git a/backend/apps/web/routers/users.py b/backend/apps/web/routers/users.py
index 2c33c158..950b23fa 100644
--- a/backend/apps/web/routers/users.py
+++ b/backend/apps/web/routers/users.py
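Review bot: The retained `if session_user:` guard in update_password now tests a value produced by the `get_current_user` dependency, so its meaning depends on whether that dependency raises on a missing or invalid bearer token or returns None; the hunk does not show which, and the `else` branch it feeds lies outside the hunk. If `get_current_user` already rejects bad tokens, the guard is dead and the 401 path it used to protect is unreachable; if it can return None, the guard is the only thing standing between an unauthenticated caller and `session_user.email`. The same route also stacks `dependencies=[Depends(verify_auth_token)]` on top of `get_current_user`, which looks like two token checks per request; state the intended division of labour in a comment above the decorator, e.g. `# verify_auth_token rejects missing/invalid tokens; get_current_user resolves the user for the validated token`, and confirm that `get_current_user` cannot return None so the guard can either be dropped or kept deliberately. The body of update_password continues past the end of the hunk.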
@@ -62,34 +62,25 @@ async def update_user_role(
 
 
 @router.delete("/{user_id}", response_model=bool)
-async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)):
-    token = cred.credentials
-    user = Users.get_user_by_token(token)
+async def delete_user_by_id(user_id: str, user=Depends(get_current_user)):
+    if user.role == "admin":
+        if user.id != user_id:
+            result = Auths.delete_auth_by_id(user_id)
 
-    if user:
-        if user.role == "admin":
-            if user.id != user_id:
-                result = Auths.delete_auth_by_id(user_id)
-
-                if result:
-                    return True
-                else:
-                    raise HTTPException(
-                        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-                        detail=ERROR_MESSAGES.DELETE_USER_ERROR,
-                    )
+            if result:
+                return True
             else:
                 raise HTTPException(
-                    status_code=status.HTTP_403_FORBIDDEN,
-                    detail=ERROR_MESSAGES.ACTION_PROHIBITED,
+                    status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                    detail=ERROR_MESSAGES.DELETE_USER_ERROR,
                 )
         else:
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,
-                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+                detail=ERROR_MESSAGES.ACTION_PROHIBITED,
             )
     else:
         raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=ERROR_MESSAGES.INVALID_TOKEN,
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
         )
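Review bot: The rewritten delete_user_by_id dereferences `user.role` on the first line of its body, so the removed `if user:` / 401 INVALID_TOKEN branch is now entirely delegated to `get_current_user`; if that dependency can return None instead of raising, an unauthenticated request ends in an AttributeError and a 500 rather than a 401, and nothing in this hunk shows which behaviour it has. Unlike the two routes in auths.py touched by the same commit, this route keeps the bare `@router.delete("/{user_id}", response_model=bool)` decorator without `dependencies=[Depends(verify_auth_token)]`, which makes the admin-only delete the one endpoint here with a single layer of token checking; either add the same dependency for consistency, `@router.delete("/{user_id}", response_model=bool, dependencies=[Depends(verify_auth_token)])`, or document why it is unnecessary. A short docstring stating the contract would also help the next reader: `"""Delete another user's auth record; admin only, self-deletion refused (403), invalid token rejected by get_current_user."""`, with the last clause confirmed against that helper.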