diff --git a/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java b/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
index 2e6225c4..d3ff12ab 100644
--- a/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
+++ b/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
@@ -58,12 +58,24 @@ public class TokenController {
     //web端登录
     @PostMapping("login")
     public R<?> login(@RequestBody LoginBody form) throws Exception {
+        // 用户登录
         LoginUser userInfo = sysLoginService.login(form.getUsername(), form.getPassword());
-        if (userInfo != null) {
-            userInfo.setLoginMethod("mobile");
+        String uuid = form.getUuid();
+        String captcha = redisService.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + uuid).toString();
+        if (StringUtils.isBlank(captcha)) {
+            // 删除验证码缓存
+            redisService.deleteObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
+            return R.fail("验证码超时，请重新刷新");
+        }
+        if (form.getCode() != null && form.getCode().equals(captcha)) {
+            // 删除验证码缓存
+            redisService.deleteObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
+            // 获取登录token
             return R.ok(tokenService.createToken(userInfo));
         } else {
-            return R.fail("登录信息为空，请重试");
+            // 删除验证码缓存
+            redisService.deleteObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
+            return R.fail("验证码错误");
         }
     }