diff --git a/apps/accounts/api/serializers.py b/apps/accounts/api/serializers.py
index c9ccbf2..20f1d35 100644
--- a/apps/accounts/api/serializers.py
+++ b/apps/accounts/api/serializers.py
@@ -15,13 +15,13 @@ class UserDetailSerializer(serializers.ModelSerializer):
 class UserLoginSerializer(serializers.ModelSerializer):
 token = serializers.CharField(allow_blank=True, read_only=True)
 username = serializers.CharField(required=False, allow_blank=True)
- email = serializers.EmailField(required=False, allow_blank=True)
+ # email = serializers.EmailField(required=False, allow_blank=True)
 class Meta:
 model = User
 fields = [
 'username',
- 'email',
+ # 'email',
 'password',
 'token'
 ]
@@ -35,15 +35,21 @@ class UserLoginSerializer(serializers.ModelSerializer):
 def validate(self, data):
 user_obj = None
 username = data.get('username', None)
- email = data.get('email', None)
+ # email = data.get('email', None)
 password = data.get('password', None)
- if not email and not username:
+ # if not email and not username:
+ # raise serializers.ValidationError('username or email is required to login.')
+ # user = User.objects.filter(
+ # Q(username=username) |
+ # Q(email=email)
+ # ).distinct()
+ if not username:
 raise serializers.ValidationError('username or email is required to login.')
 user = User.objects.filter(
- Q(username=username) |
- Q(email=email)
- ).distinct()
+ Q(username=username) |
+ Q(email=username)
+ ).distinct()
 user = user.exclude(email__isnull=True).exclude(email__iexact='')
 if user.exists() and user.count() == 1:
 user_obj = user.first()
diff --git a/apps/accounts/api/views.py b/apps/accounts/api/views.py
index 5d9db83..e65ae04 100644
--- a/apps/accounts/api/views.py
+++ b/apps/accounts/api/views.py
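Review bot: In `UserLoginSerializer.validate` (second serializers.py hunk) the single `username` value is now matched against both columns with `Q(username=username) | Q(email=username)`, so one identifier can select two accounts whenever somebody's username is the same string as another account's email; Django's default username validator allows `@`. The `user.count() == 1` check in the context lines would then fail for both accounts, so uniqueness should be enforced at registration (a unique email column, or usernames that cannot look like an address); whether that already exists is not visible here. The email arm is also an exact, case-sensitive match while the `exclude` right below uses `email__iexact`; `Q(email__iexact=username)` would be consistent. The commented-out old lines in both serializers.py hunks are better deleted than kept, since version control already holds them. `validate` continues past the end of the hunk.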
@@ -1,13 +1,25 @@
 from django.contrib.auth import get_user_model
+from django.db.models import Q
 from rest_framework.response import Response
 from rest_framework.status import HTTP_201_CREATED, HTTP_400_BAD_REQUEST
 from rest_framework.views import APIView
 from rest_framework.permissions import AllowAny
 from .serializers import UserLoginSerializer
+from django.contrib.auth.backends import ModelBackend
 User = get_user_model()
+class CustomBackend(ModelBackend):
+ def authenticate(self, request, username=None, password=None, **kwargs):
+ try:
+ user = User.objects.get(Q(username=username)|Q(email=username))
+ if user.check_password(password):
+ return user
+ except Exception as e:
+ return None
+
+
 class UserLoginAPIView(APIView):
 permission_classes = [AllowAny]
 serializer_class = UserLoginSerializer
diff --git a/mosqkiller/settings.py b/mosqkiller/settings.py
index 4d5f17a..76f8f24 100644
--- a/mosqkiller/settings.py
+++ b/mosqkiller/settings.py
@@ -152,4 +152,9 @@ REST_FRAMEWORK = {
 JWT_AUTH = {
 'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=600),
-}
\ No newline at end of file
+}
+
+# Custom auth backend
+# AUTHENTICATION_BACKENDS = (
+# 'accounts.api.views.CustomBackend',
+# )
\ No newline at end of file
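Review bot: `CustomBackend.authenticate` in the views.py hunk returns the user as soon as `check_password` succeeds and never calls `self.user_can_authenticate(user)`, so an account with `is_active=False` would be accepted where the stock `ModelBackend` rejects it. The `except Exception as e` also turns every failure into `None`, including `MultipleObjectsReturned` from the two-column lookup and genuine database errors, and `e` is unused; catching `User.DoesNotExist` and `User.MultipleObjectsReturned` keeps real faults visible. Unlike `ModelBackend`, the not-found path does no password hashing, so response time differs between a known and an unknown identifier. The settings.py hunk leaves `AUTHENTICATION_BACKENDS` commented out, so the class appears to be unused as committed; if it is enabled later, a dedicated backends module would be a better home than the views module.

```python
    def authenticate(self, request, username=None, password=None, **kwargs):
        if username is None or password is None:
            return None
        try:
            user = User.objects.get(Q(username=username) | Q(email=username))
        except User.DoesNotExist:
            # Hash anyway so an unknown identifier costs the same as a wrong password.
            User().set_password(password)
            return None
        except User.MultipleObjectsReturned:
            # Identifier matches more than one account; refuse rather than guess.
            return None
        if user.check_password(password) and self.user_can_authenticate(user):
            return user
        return None
```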