diff --git a/apps/audits/api.py b/apps/audits/api.py
index 83caf0db9..ed44bdc1a 100644
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@@ -94,8 +94,14 @@ class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
     date_range_filter_fields = [
         ('date_start', ('date_from', 'date_to'))
     ]
-    filterset_fields = ['user__name', 'command', 'run_as__name', 'is_finished']
-    search_fields = ['command', 'user__name', 'run_as__name']
+    filterset_fields = [
+        'user__name', 'user__username', 'command',
+        'run_as__name', 'run_as__username', 'is_finished'
+    ]
+    search_fields = [
+        'command', 'user__name', 'user__username',
+        'run_as__name', 'run_as__username',
+    ]
     ordering = ['-date_created']
 
     def get_queryset(self):
diff --git a/apps/audits/serializers.py b/apps/audits/serializers.py
index d7ab3e996..7bab342ee 100644
--- a/apps/audits/serializers.py
+++ b/apps/audits/serializers.py
@@ -82,7 +82,7 @@ class CommandExecutionSerializer(serializers.ModelSerializer):
         model = CommandExecution
         fields_mini = ['id']
         fields_small = fields_mini + [
-            'run_as', 'command', 'user', 'is_finished',
+            'run_as', 'command', 'is_finished', 'user',
             'date_start', 'result', 'is_success', 'org_id'
         ]
         fields = fields_small + ['hosts', 'hosts_display', 'run_as_display', 'user_display']
diff --git a/apps/audits/signals_handler.py b/apps/audits/signals_handler.py
index 930a1f03d..5f94fb42a 100644
--- a/apps/audits/signals_handler.py
+++ b/apps/audits/signals_handler.py
@@ -57,6 +57,7 @@ class AuthBackendLabelMapping(LazyObject):
         backend_label_mapping[settings.AUTH_BACKEND_PUBKEY] = _('SSH Key')
         backend_label_mapping[settings.AUTH_BACKEND_MODEL] = _('Password')
         backend_label_mapping[settings.AUTH_BACKEND_SSO] = _('SSO')
+        backend_label_mapping[settings.AUTH_BACKEND_AUTH_TOKEN] = _('Auth Token')
         backend_label_mapping[settings.AUTH_BACKEND_WECOM] = _('WeCom')
         backend_label_mapping[settings.AUTH_BACKEND_DINGTALK] = _('DingTalk')
         return backend_label_mapping
@@ -156,12 +157,13 @@ def get_login_backend(request):
     return backend_label
 
 
-def generate_data(username, request):
+def generate_data(username, request, login_type=None):
     user_agent = request.META.get('HTTP_USER_AGENT', '')
     login_ip = get_request_ip(request) or '0.0.0.0'
-    if isinstance(request, Request):
+
+    if login_type is None and isinstance(request, Request):
         login_type = request.META.get('HTTP_X_JMS_LOGIN_TYPE', 'U')
-    else:
+    if login_type is None:
         login_type = 'W'
 
     data = {
@@ -176,9 +178,9 @@ def generate_data(username, request):
 
 
 @receiver(post_auth_success)
-def on_user_auth_success(sender, user, request, **kwargs):
+def on_user_auth_success(sender, user, request, login_type=None, **kwargs):
     logger.debug('User login success: {}'.format(user.username))
-    data = generate_data(user.username, request)
+    data = generate_data(user.username, request, login_type=login_type)
     data.update({'mfa': int(user.mfa_enabled), 'status': True})
     write_login_log(**data)
 
diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py
index 76d6e934d..e9678392d 100644
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@@ -6,12 +6,14 @@ from django.conf import settings
 from django.core.cache import cache
 from django.shortcuts import get_object_or_404
 from django.http import HttpResponse
+from django.utils.translation import ugettext as _
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
 from rest_framework import serializers
 
+from authentication.signals import post_auth_failed, post_auth_success
 from common.utils import get_logger, random_string
 from common.drf.api import SerializerMixin2
 from common.permissions import IsSuperUserOrAppUser, IsValidUser, IsSuperUser
@@ -51,10 +53,6 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
         return True
 
     def create_token(self, user, asset, application, system_user, ttl=5*60):
-        if not settings.CONNECTION_TOKEN_ENABLED:
-            raise PermissionDenied('Connection token disabled')
-        if not user:
-            user = self.request.user
         if not self.request.user.is_superuser and user != self.request.user:
             raise PermissionDenied('Only super user can create user token')
         self.check_resource_permission(user, asset, application, system_user)
@@ -238,7 +236,14 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
     @action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail')
     def get_secret_detail(self, request, *args, **kwargs):
         token = request.data.get('token', '')
-        value, user, system_user, asset, app = self.valid_token(token)
+        try:
+            value, user, system_user, asset, app = self.valid_token(token)
+        except serializers.ValidationError as e:
+            post_auth_failed.send(
+                sender=self.__class__, username='', request=self.request,
+                reason=_('Invalid token')
+            )
+            raise e
 
         data = dict(user=user, system_user=system_user)
         if asset:
@@ -252,6 +257,9 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
             data['type'] = 'application'
             data.update(app_detail)
 
+        self.request.session['auth_backend'] = settings.AUTH_BACKEND_AUTH_TOKEN
+        post_auth_success.send(sender=self.__class__, user=user, request=self.request, login_type='T')
+
         serializer = self.get_serializer(data)
         return Response(data=serializer.data, status=200)
 
diff --git a/apps/authentication/backends/api.py b/apps/authentication/backends/api.py
index 9da3bbbc3..308c441a2 100644
--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@@ -228,3 +228,11 @@ class DingTalkAuthentication(ModelBackend):
 
     def authenticate(self, request, **kwargs):
         pass
+
+
+class AuthorizationTokenAuthentication(ModelBackend):
+    """
+    什么也不做呀😺
+    """
+    def authenticate(self, request, **kwargs):
+        pass
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 502146f13..a4b2fb296 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -130,10 +130,12 @@ AUTH_BACKEND_CAS = 'authentication.backends.cas.CASBackend'
 AUTH_BACKEND_SSO = 'authentication.backends.api.SSOAuthentication'
 AUTH_BACKEND_WECOM = 'authentication.backends.api.WeComAuthentication'
 AUTH_BACKEND_DINGTALK = 'authentication.backends.api.DingTalkAuthentication'
+AUTH_BACKEND_AUTH_TOKEN = 'authentication.backends.api.AuthorizationTokenAuthentication'
 
 
 AUTHENTICATION_BACKENDS = [
-    AUTH_BACKEND_MODEL, AUTH_BACKEND_PUBKEY, AUTH_BACKEND_WECOM, AUTH_BACKEND_DINGTALK
+    AUTH_BACKEND_MODEL, AUTH_BACKEND_PUBKEY, AUTH_BACKEND_WECOM,
+    AUTH_BACKEND_DINGTALK, AUTH_BACKEND_AUTH_TOKEN
 ]
 
 if AUTH_CAS: