diff --git a/apps/auth1/views.py b/apps/auth1/views.py
index 70fd3ff5..1f9c5b79 100755
--- a/apps/auth1/views.py
+++ b/apps/auth1/views.py
@@ -183,8 +183,11 @@ class SecretLogin(CreateAPIView):
     serializer_class = SecretLoginSerializer
 
     def post(self, request):
-        username = request.data['username']
-        secret = request.data['secret']
+        sr = SecretLoginSerializer(data=request.data)
+        sr.is_valid(raise_exception=True)
+        vdata = sr.validated_data
+        username = vdata['username']
+        secret = vdata['secret']
         user = User.objects.filter(Q(username=username) | Q(phone=username) | Q(
             employee__id_number=username)).filter(secret=secret).first()
         if user: