diff --git a/features/security/account.go b/features/security/account.go
index 261759d4..ac70420c 100644
--- a/features/security/account.go
+++ b/features/security/account.go
@@ -90,7 +90,7 @@ func LoginFromOMC(w http.ResponseWriter, r *http.Request) {
 */
 validUser, user, err := dborm.XormCheckLoginUser(oAuthBody.UserName, oAuthBody.Value, config.GetYamlConfig().Auth.Crypt)
- if !validUser && err != nil {
+ if !validUser || err != nil {
 // response 400-4
 log.Error("Authentication failed, mismatch user or password")
 services.ResponseErrorWithJson(w, 400, err.Error())
@@ -112,13 +112,17 @@ func LoginFromOMC(w http.ResponseWriter, r *http.Request) {
 return
 }
- // 缓存用户信息
- account.CacheLoginUser(user)
- // 角色权限集合,管理员拥有所有权限
- userId := fmt.Sprint(user.Id)
- isAdmin := conf.IsAdmin(userId)
- roles, perms := service.NewServiceAccount.RoleAndMenuPerms(userId, isAdmin)
- services.ResponseStatusOK200LoginWhitRP(w, token, user, roles, perms)
+ if user != nil {
+ // 缓存用户信息
+ account.CacheLoginUser(user)
+ // 角色权限集合,管理员拥有所有权限
+ userId := fmt.Sprint(user.Id)
+ isAdmin := conf.IsAdmin(userId)
+ roles, perms := service.NewServiceAccount.RoleAndMenuPerms(userId, isAdmin)
+ services.ResponseStatusOK200LoginWhitRP(w, token, user, roles, perms)
+ return
+ }
+ services.ResponseBadRequest400IncorrectLogin(w)
 }
 func LogoutFromOMC(w http.ResponseWriter, r *http.Request) {
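Review bot: With `||`, the failure branch is now entered when `validUser` is false and `err` is nil, and `err.Error()` in the `ResponseErrorWithJson` call then dereferences a nil error. If `XormCheckLoginUser` can report a bad password without an error (its body is not shown here), an ordinary failed login panics the handler. The same call also returns the lookup error's text to an unauthenticated client, which can disclose storage details or whether the account exists. I would log `err` server-side when it is non-nil and replace the response line with the fixed reply this function already uses further down, `services.ResponseBadRequest400IncorrectLogin(w)`. The rest of the branch and of LoginFromOMC lies outside the hunk.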
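Review bot: The `user != nil` guard comes too late. `token` is produced earlier in the function (outside this hunk), so a nil user is rejected only after the earlier login steps have run. Adding `user == nil` to the credential check in the first hunk, `if !validUser || user == nil || err != nil {`, would reject it before anything else happens. The reply in that branch must then not depend on `err` being non-nil. The fall-through to `ResponseBadRequest400IncorrectLogin` is also silent, so a `log.Error` line there would make these failures visible in the authentication log. LoginFromOMC begins outside the hunk.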