diff --git a/client/src/api/user.js b/client/src/api/user.js
index f444181..d03a874 100644
--- a/client/src/api/user.js
+++ b/client/src/api/user.js
@@ -8,6 +8,14 @@ export function login(data) { }) }
+export function fulllogin(data) {
+ return request({
+ url: '/login/',
+ method: 'post',
+ data
+ })
+}
+
 export function login2(data) { //验证码登录 return request({
@@ -24,10 +32,11 @@ export function logout() { }) }
-export function getInfo() {
+export function getInfo(token) {
 return request({ url: '/system/user/info/',
- method: 'get'
+ method: 'get',
+ params: { token }
 }) }
diff --git a/client/src/store/modules/user.js b/client/src/store/modules/user.js
index 4c22753..185db55 100644
--- a/client/src/store/modules/user.js
+++ b/client/src/store/modules/user.js
@@ -1,4 +1,4 @@
-import { login, logout, getInfo, login2 } from '@/api/user'
+import { login, logout, getInfo, login2, fulllogin } from '@/api/user'
 import { getToken, setToken, removeToken } from '@/utils/auth' import { resetRouter } from '@/router'
@@ -47,6 +47,34 @@ const actions = { }) }) },
+ fulllogin({ commit }, userInfo) {
+ const { username, password } = userInfo
+ return new Promise((resolve, reject) => {
+ fulllogin({ username: username.trim(), password: password }).then(response => {
+ const { data } = response
+ commit('SET_TOKEN', data.access)
+ setToken(data.access)
+ if (!data.user) {
+ reject('验证失败,重新登录.')
+ }
+
+ const { perms, name, avatar } = data.user
+
+ // perms must be a non-empty array
+ if (!perms || perms.length <= 0) {
+ reject('没有任何权限!')
+ }
+
+ commit('SET_PERMS', perms)
+ commit('SET_NAME', name)
+ commit('SET_AVATAR', avatar)
+ resolve()
+
+ }).catch(error => {
+ reject(error)
+ })
+ })
+ },
 // user code login login2({ commit }, msginfo) { const { mail, msg } = msginfo
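Review bot: `getInfo(token)` now sends the access token in the query string of a GET request (`params: { token }`), where it ends up in server and proxy access logs, browser history and any Referer header. Nothing in this hunk shows why the server needs it there; `utils/request.js` imports `getToken`, which suggests a request interceptor may already attach the token as a header, but that code is outside the diff. If the endpoint does need an explicit token, pass it as a header in whatever scheme the API expects, for example `headers: { Authorization: 'Bearer ' + token }`, and drop `params`. A short JSDoc on `getInfo` stating what `token` is and whether it may be omitted would also help callers.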
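Review bot: In the new `fulllogin` action the two `reject(...)` calls are not followed by `return`, so execution continues past them: with no `data.user` the destructuring on the next statement throws, and with empty `perms` the `SET_PERMS`/`SET_NAME`/`SET_AVATAR` commits still run after the promise has been rejected. The token is also committed and persisted with `setToken(data.access)` before either check, so a login rejected for missing user data or missing permissions still leaves a stored token behind. Use `return reject('验证失败,重新登录.')` and `return reject('没有任何权限!')`, and move `commit('SET_TOKEN', data.access)` and `setToken(data.access)` below the checks. The `new Promise` wrapper is not needed, since the `fulllogin(...)` call already yields a thenable that the action could return directly.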
@@ -84,7 +112,25 @@ const actions = { commit('SET_AVATAR', avatar) resolve(data) }).catch(error => {
- reject(error)
+ getInfo(state.token).then(response => {
+ const { data } = response
+
+ if (!data) {
+ reject('验证失败,重新登录.')
+ }
+
+ const { perms, name, avatar } = data
+
+ // perms must be a non-empty array
+ if (!perms || perms.length <= 0) {
+ reject('没有任何权限!')
+ }
+
+ commit('SET_PERMS', perms)
+ commit('SET_NAME', name)
+ commit('SET_AVATAR', avatar)
+ resolve(data)
+ }).catch(e=>{})
 }) }) },
diff --git a/client/src/utils/request.js b/client/src/utils/request.js
index 753f2a1..d4641f5 100644
--- a/client/src/utils/request.js
+++ b/client/src/utils/request.js
@@ -6,7 +6,7 @@ import { getToken } from '@/utils/auth' // create an axios instance const service = axios.create({ baseURL: process.env.VUE_APP_BASE_API, // url = base url + request url
- withCredentials: true, // send cookies when cross-domain requests
+ // withCredentials: true, // send cookies when cross-domain requests
 timeout: 300000 // request timeout })
diff --git a/server/apps/ability/views.py b/server/apps/ability/views.py
index 889a6f2..b6a6307 100644
--- a/server/apps/ability/views.py
+++ b/server/apps/ability/views.py
@@ -57,9 +57,10 @@ class CMAViewSet(ModelViewSet): CMA.objects.filter(type='center').delete() for root, dirs, files in os.walk(fulldir): for f in files:
- if f.endswith('.xls'):
+ if f.endswith('.xlsx'):
 import_cma(f, os.path.join(root,f))
- return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
+ else:
+ return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
 elif fullpath.endswith('.zip'): fulldir = fullpath.replace('.zip','') os.mkdir(fulldir)
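Review bot: The new fallback ends in `.catch(e=>{})`, so when the retried `getInfo(state.token)` also fails the outer promise is never resolved or rejected and whatever awaits this action waits forever; the original `reject(error)` was removed without a replacement. Use `.catch(() => reject(error))` so the caller still sees the failure. The `reject(...)` calls inside the `then` also need a `return`, otherwise destructuring `data` throws when it is empty and the commits run after a rejection. The retry fires for every error of the first request, including an authentication failure, and then repeats the call with the token in the URL; a comment stating which failure this fallback is meant to cover would make the intent reviewable. The action's signature is outside the hunk, so confirm that `state` is actually destructured there.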
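Review bot: If the new `else:` pairs with `if f.endswith('.xlsx')` inside the `for f in files` loop (indentation is not recoverable on this page), the first non-xlsx file met during `os.walk` returns 400 part-way through the import, after `CMA.objects.filter(type='center').delete()` has already run and after earlier files were imported. That leaves the table partly rebuilt from an upload the API reports as rejected. Validate the extracted file list before deleting anything, or wrap the delete and the imports in `with transaction.atomic():` and raise rather than return so a rejected upload rolls back. The same `else:` / `return Response(...)` placement is repeated in the hunks at -71, -94 and -106, and the view bodies start and end outside all four hunks.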
@@ -71,7 +72,8 @@ class CMAViewSet(ModelViewSet): for f in files: if f.endswith('.xlsx'): import_cma(f.encode('cp437').decode('gbk'), os.path.join(root,f))
- return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
+ else:
+ return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
 return Response(status = status.HTTP_200_OK) @action(methods=['post'], detail=False, url_path='import2', url_name='cma_import2', perms_map = {'post':'cma_import2'})
@@ -94,7 +96,8 @@ class CMAViewSet(ModelViewSet): for f in files: if f.endswith('.xlsx'): import_cma2(f, os.path.join(root,f))
- return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
+ else:
+ return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
 elif fullpath.endswith('.zip'): fulldir = fullpath.replace('.zip','') os.mkdir(fulldir)
@@ -106,7 +109,8 @@ class CMAViewSet(ModelViewSet): for f in files: if f.endswith('.xlsx'): import_cma2(f.encode('cp437').decode('gbk'), os.path.join(root,f))
- return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
+ else:
+ return Response('不支持非xlsx格式', status = status.HTTP_400_BAD_REQUEST)
 return Response(status = status.HTTP_200_OK) class QualificationViewSet(ModelViewSet):
diff --git a/server/server/urls.py b/server/server/urls.py
index ec709c4..aff0004 100644
--- a/server/server/urls.py
+++ b/server/server/urls.py
@@ -28,9 +28,37 @@ router = routers.DefaultRouter() router.register('file', FileViewSet, basename="file") from django.conf.urls import url
+from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
+from rest_framework_simplejwt.views import TokenViewBase
+from apps.system.permission import get_permission_list
+class MyloginSerializer(TokenObtainPairSerializer):
+ def validate(self, attrs):
+ data = super().validate(attrs)
+
+ refresh = self.get_token(self.user)
+
+ data['refresh'] = str(refresh)
+ data['access'] = str(refresh.access_token)
+ user = self.user
+ perms = get_permission_list(user)
+ data['user'] = {
+ 'id': user.id,
+ 'username': user.username,
+ 'name': user.name,
+ 'roles': user.roles.all().values_list('name', flat=True),
+ # 'avatar': request._request._current_scheme_host + '/media/' + str(user.image),
+ 'avatar': user.avatar,
+ 'perms': perms,
+ }
+ return data
+
+class MyTokenObtainPairView(TokenViewBase):
+ serializer_class = MyloginSerializer
+
 urlpatterns = [ path('', TemplateView.as_view(template_name="index.html")), path('api/admin/', admin.site.urls),
+ path('api/login/', MyTokenObtainPairView.as_view(), name='my_login'),
 path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'), path('api/token2/', Login2View.as_view(), name='token_obtain_2'), path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
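Review bot: `MyloginSerializer.validate` mints the token pair twice: `super().validate(attrs)` on `TokenObtainPairSerializer` already fills `data['refresh']` and `data['access']`, and the next statements call `self.get_token(self.user)` again and overwrite both. The first pair is discarded unused, and if the token blacklist app is enabled each login presumably records an extra outstanding refresh token. Drop `refresh = self.get_token(self.user)` and the two assignments that follow it, keeping the values `super()` returned. `'roles'` is handed over as a lazy `values_list` queryset; `list(user.roles.values_list('name', flat=True))` makes the payload an explicit list. The serializer and view would also read better in the app's own serializers/views modules than in `urls.py` with mid-file imports, with a one-line docstring saying the endpoint returns the token pair plus user info and permissions.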