diff --git a/sf_bf_connect/models/http.py b/sf_bf_connect/models/http.py
index 6b0b3ebd..8f546c88 100644
--- a/sf_bf_connect/models/http.py
+++ b/sf_bf_connect/models/http.py
@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 import logging
-import datetime
-import time
+from datetime import datetime, timedelta
 import hashlib
 from odoo import models
 from odoo.http import request
@@ -10,8 +9,6 @@ __author__ = 'jinling.yang'
 _logger = logging.getLogger(__name__)
-class AuthenticationError(Exception):
- pass
 class AuthenticationError(Exception):
 pass
@@ -29,16 +26,18 @@ class Http(models.AbstractModel):
 # 查询密钥
 factory_secret = request.env['res.partner'].sudo().search(
 [('sf_token', '=', datas['HTTP_TOKEN'])], limit=1)
- logging.info('factory_secret:%s' % factory_secret)
 if not factory_secret:
 raise AuthenticationError('无效的token')
- timestamp_str = int(time.time())
 # 设置API接口请求时间,不能超过5秒
- deltime = datetime.timedelta(seconds=5)
- # if abs(int(datas['HTTP_TIMESTAMP'])-timestamp_str) > deltime.seconds:
+ # deltime = datetime.timedelta(seconds=30)
+ # if abs(int(datas['HTTP_TIMESTAMP']) - timestamp_str) > deltime.seconds:
 # raise AuthenticationError('请求已过期')
- # 获得sha1_str加密字符串
 post_time = int(datas['HTTP_TIMESTAMP'])
+ datetime_post = datetime.fromtimestamp(post_time)
+ datetime_now = datetime.now().replace(microsecond=0)
+ datetime_del = datetime_now + timedelta(seconds=5)
+ if datetime_post > datetime_del:
+ raise AuthenticationError('请求已过期')
 check_str = '%s%s%s' % (datas['HTTP_TOKEN'], post_time, factory_secret.sf_secret_key)
 check_sf_str = hashlib.sha1(check_str.encode('utf-8')).hexdigest()
 if check_sf_str != datas['HTTP_CHECKSTR']:
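Review bot: The freshness check added in the third hunk is one-sided: `if datetime_post > datetime_del` rejects only timestamps more than 5 seconds in the future, so a request carrying an arbitrarily old `HTTP_TIMESTAMP` still passes and a captured token/timestamp/checkstr triple stays valid indefinitely, which contradicts the 5-second limit stated in the comment above it. Bound the skew in both directions by replacing the four `datetime_*` lines with `if abs(datetime.now().timestamp() - post_time) > 5:` followed by the same `raise AuthenticationError('请求已过期')`. That form also drops `datetime.fromtimestamp(post_time)`, which can raise on an out-of-range client-supplied value and would surface as an unhandled error rather than an authentication failure. On the last line of the hunk, the digest is compared with `!=`; a constant-time comparison such as `hmac.compare_digest(check_sf_str.encode(), datas['HTTP_CHECKSTR'].encode())` (with `import hmac` added) is the safer choice for a secret-derived value. The enclosing method starts and ends outside this hunk, so how `AuthenticationError` is handled by the caller is not visible here.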