diff --git a/app/Http/Controllers/Api/Auth/AccessTokenController.php b/app/Http/Controllers/Api/Auth/AccessTokenController.php
index 2924cb1..f696f34 100644
--- a/app/Http/Controllers/Api/Auth/AccessTokenController.php
+++ b/app/Http/Controllers/Api/Auth/AccessTokenController.php
@@ -27,7 +27,7 @@ class AccessTokenController extends Controller
 
         $adminUser = AdminUser::where('username', $validated['username'])->first();
 
-        if (! Hash::check($validated['password'], (string) $adminUser?->password)) {
+        if (is_null($adminUser?->password) || ! Hash::check($validated['password'], $adminUser->password)) {
             throw ValidationException::withMessages([
                 'username' => ['账号或密码错误'],
             ]);