diff --git a/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java b/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
index c699696..2db71b8 100644
--- a/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
+++ b/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
@@ -104,7 +104,7 @@ public class TokenController {
             return R.fail("不支持的登录方式");
         }
         LoginUser login = strategy.login(form.getUsername(), form.getPassword());
-        if (login.getRoles().contains("admin") && form.getLoginType().equals(LoginType.USERNAME_PASSWORD)) {
+        if (login.getRoles().contains("admin") && form.getLoginType().equals(LoginType.USERNAME_PASSWORD) && isAdmin) {
             passwordValidatorService.checkPhoneCaptcha(form.getVerificationCode(), login.getSysUser().getPhonenumber());
             return R.ok(tokenService.createToken(login));
         } else {