diff --git a/yshop-app/src/main/java/co/yixiang/modules/auth/param/UpdatePasswordParam.java b/yshop-app/src/main/java/co/yixiang/modules/auth/param/UpdatePasswordParam.java
new file mode 100644
index 00000000..14b236b3
--- /dev/null
+++ b/yshop-app/src/main/java/co/yixiang/modules/auth/param/UpdatePasswordParam.java
@@ -0,0 +1,25 @@
+package co.yixiang.modules.auth.param;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+/**
+ * @author : gzlv 2021/7/20 17:27
+ */
+@Data
+public class UpdatePasswordParam {
+
+    @NotBlank(message = "手机号必填")
+    @ApiModelProperty(value = "手机号码")
+    private String account;
+
+    @NotBlank(message = "验证码必填")
+    @ApiModelProperty(value = "验证码")
+    private String captcha;
+
+    @NotBlank(message = "密码必填")
+    @ApiModelProperty(value = "密码")
+    private String password;
+}
diff --git a/yshop-app/src/main/java/co/yixiang/modules/auth/rest/AuthController.java b/yshop-app/src/main/java/co/yixiang/modules/auth/rest/AuthController.java
index 4d3dad1a..0d6e2404 100644
--- a/yshop-app/src/main/java/co/yixiang/modules/auth/rest/AuthController.java
+++ b/yshop-app/src/main/java/co/yixiang/modules/auth/rest/AuthController.java
@@ -218,6 +218,37 @@ public class AuthController {
         return ApiResult.ok(map).setMsg("登陆成功");
     }
 
+    @AuthCheck
+    @ApiOperation("修改密码")
+    @PostMapping(value = "/register/reset")
+    public ApiResult<Boolean> updatePassword(@Validated @RequestBody UpdatePasswordParam updatePasswordParam,HttpServletRequest request) {
+        Object codeObj = redisUtil.get("code_" + updatePasswordParam.getAccount());
+        if(codeObj == null){
+            throw new YshopException("请先获取验证码");
+        }
+        String code = codeObj.toString();
+        if (!StrUtil.equals(code, updatePasswordParam.getCaptcha())) {
+            throw new YshopException("验证码错误");
+        }
+        YxUser yxUser = userService.getOne(Wrappers.<YxUser>lambdaQuery()
+                .eq(YxUser::getUsername,updatePasswordParam.getAccount()));
+
+        if(yxUser == null) {
+            throw new YshopException("账号不存在,数据错误");
+        }
+        yxUser.setPassword(SecureUtil.md5(updatePasswordParam.getPassword()));
+        boolean b = userService.updateById(yxUser);
+        if (!b) {
+            throw new YshopException("修改失败");
+        }
+        String bearerToken = request.getHeader("Authorization");
+        String[] tokens = bearerToken.split(" ");
+        String token = tokens[1];
+        authService.logout(LocalUser.getUser().getUsername(), token);
+
+        return ApiResult.ok(true).setMsg("修改成功");
+    }
+
 
     @PostMapping("/register")
     @ApiOperation(value = "H5/APP注册新用户", notes = "H5/APP注册新用户")