diff --git a/app/Http/Controllers/AdminUserController.php b/app/Http/Controllers/AdminUserController.php
index e5c13c9..5a46958 100644
--- a/app/Http/Controllers/AdminUserController.php
+++ b/app/Http/Controllers/AdminUserController.php
@@ -8,6 +8,7 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
 use App\Http\Requestes\AdminUserRequest;
 use App\Http\Resources\AdminUserResource;
+use App\Http\Requestes\RestPasswordRequest;
 use App\Http\Requestes\AdminUserUpdateRequest;
 
 class AdminUserController extends Controller
@@ -84,7 +85,23 @@ class AdminUserController extends Controller
      * @return void
      */
     public function endable(AdminUser $adminUser){
+        if($adminUser->id == 1){
+            return $this->error('操作失败，请稍后再试');
+        }
+        $adminUser->update([
+            'is_enable' => (int) !$adminUser->is_enable
+        ]);
+        return $this->success('操作成功！');
+    }
 
+    public function editPassword(AdminUser $adminUser, RestPasswordRequest $request){
+        if($adminUser->id == 1){
+            return $this->error('操作失败，请稍后再试');
+        }
+        $adminUser->update([
+            'password' => bcrypt($request->input('password'))
+        ]);
+        return $this->success('修改成功！');
     }
 
 }
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 1c6c0e9..00e201d 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -23,6 +23,10 @@ class AuthController extends Controller
             return $this->error('用户名或密码错误');
         }
 
+        if($user->is_enable !== 1){
+            return $this->error('用户状态异常请联系管理员');
+        }
+
         return $this->attemptUser($user);
     }
 
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index d82be25..40f0660 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -2,24 +2,17 @@
 
 namespace App\Http\Controllers;
 
-use App\Exceptions\BizException;
 use Illuminate\Http\Request;
+use App\Exceptions\BizException;
 use Illuminate\Support\Facades\Hash;
+use App\Http\Requestes\RestPasswordRequest;
 
 class UserController extends Controller
 {
-    public function resetPwd(Request $request)
+    public function resetPwd(RestPasswordRequest $request)
     {
-        $input = $request->validate([
-            'password' => 'required|current_password:api',
-            'new_password' => 'required',
-        ], [
-            'password.current_password' => '密码错误',
-        ]);
+        $input = $request->input();
         $user = auth('api')->user();
-        if (! $user || ! Hash::check($input['password'], $user->password)) {
-            throw new BizException('密码错误');
-        }
 
         $user->password = bcrypt($input['new_password']);
         $user->save();
diff --git a/app/Http/Requestes/RestPasswordRequest.php b/app/Http/Requestes/RestPasswordRequest.php
new file mode 100644
index 0000000..efa778e
--- /dev/null
+++ b/app/Http/Requestes/RestPasswordRequest.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Http\Requestes;
+
+use Illuminate\Contracts\Validation\Validator;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Http\Exceptions\HttpResponseException;
+
+class RestPasswordRequest extends FormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'password' => 'required|string|min:6|max:32',
+            'password_confirmation' => 'required|same:password',
+        ];
+    }
+
+    public function messages()
+    {
+        $messages = [
+            'password.required' => '请填写登录密码',
+            'password.string'=> '请正确填写密码',
+            'password.min' => '密码长度不能低于6位',
+            'password.max' => '密码长度不能超过32位',
+            'password.confirmed' => '两次密码不一致',
+        ];
+
+        return $messages;
+    }
+
+    protected function failedValidation(Validator $validator)
+    {
+        $error = $validator->errors()->all();
+        throw new HttpResponseException(response()->json(['data' => [], 'code' => 400, 'message' => $error[0]]));
+    }
+}
diff --git a/app/Http/Resources/AdminUserResource.php b/app/Http/Resources/AdminUserResource.php
index e55d1ab..066ef05 100644
--- a/app/Http/Resources/AdminUserResource.php
+++ b/app/Http/Resources/AdminUserResource.php
@@ -17,6 +17,7 @@ class AdminUserResource extends JsonResource
     {
         return [
             'id'   => $this->id,
+            'username' => $this->username,
             'name' => $this->name,
             'avatar'=> $this->avatar,
             'department' => $this->department,
diff --git a/app/Models/AdminUser.php b/app/Models/AdminUser.php
index 2a2b5d1..1ab675b 100644
--- a/app/Models/AdminUser.php
+++ b/app/Models/AdminUser.php
@@ -12,7 +12,7 @@ class AdminUser extends BaseAdminModel
 
     protected $fillable = [
         'name',
-        'usersname',
+        'username',
         'password',
         'avatar',
         'department', 'phone', 'status', 'is_enable',
diff --git a/routes/api.php b/routes/api.php
index 8170ac7..71562c8 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -31,6 +31,8 @@ Route::group(['middleware' => 'auth:sanctum'], function () {
 
         /** 系统管理 **/
         Route::apiResource('admin-users', AdminUserController::class)->names('admin_users');
+        Route::put('admin-users/{admin_user}/enable', [AdminUserController::class, 'endable'])->name('admin_users.enable');
+        Route::put('admin-users/{admin_user}/edit-password', [AdminUserController::class, 'editPassword'])->name('admin_users.edit_password');
         Route::apiResource('admin-roles', AdminRoleController::class)->names('admin_roles');
     });