diff --git a/hinghwa-dict-backend/user/urls.py b/hinghwa-dict-backend/user/urls.py
index da378d4e..0a0f43a6 100644
--- a/hinghwa-dict-backend/user/urls.py
+++ b/hinghwa-dict-backend/user/urls.py
@@ -1,6 +1,6 @@
 from django.urls import path
-from .view.wechat import WechatLogin, WechatRegister, BindWechat
+from .view.wechat import WechatLogin, WechatRegister, BindWechat, WechatManage
 from .views import *
 from .view.manage import *
 from .view.forget import *
@@ -17,6 +17,7 @@
 urlpatterns += [
 path("", csrf_exempt(Manage.as_view())), # get US0201 put US0301
 path("/password", csrf_exempt(ManagePassword.as_view())), # put US0302
+ path("/password/reset", csrf_exempt(WechatManage.as_view())), # post US0307
 path("/email", csrf_exempt(ManageEmail.as_view())), # put US0303
 path("/points", csrf_exempt(ManagePoints.as_view())),
 ]
diff --git a/hinghwa-dict-backend/user/view/wechat.py b/hinghwa-dict-backend/user/view/wechat.py
index b185fd50..403feedf 100644
--- a/hinghwa-dict-backend/user/view/wechat.py
+++ b/hinghwa-dict-backend/user/view/wechat.py
@@ -13,7 +13,9 @@
 NotBoundWechat,
 NotFoundException,
 )
+from utils.exception.types.forbidden import ForbiddenException
 from utils.token import generate_token, check_request_user
+from user.dto.user_all import user_all
 class OpenId:
@@ -106,3 +108,29 @@ def delete(self, request, id) -> JsonResponse:
 user.user_info.wechat = ""
 user.user_info.save()
 return JsonResponse({}, status=200)
+
+
+class WechatManage(View):
+ # US0307 微信更新用户密码
+ def post(self, request, id) -> JsonResponse:
+ # 基于token获取的用户
+ user = check_request_user(request, id)
+ if user.id != id:
+ raise ForbiddenException
+ body = demjson.decode(request.body)
+ jscode = body["jscode"]
+ openid = OpenId(jscode).get_openid()
+ # 基于jscode获取的用户
+ user_info = UserInfo.objects.filter(wechat__contains=openid)
+ if user_info[0].user != user:
+ raise ForbiddenException
+ password_validator(body["newpassword"])
+ user.set_password(body["newpassword"])
+ user.save()
+ return JsonResponse(
+ {
+ "user": user_all(user),
+ "token": generate_token(user),
+ },
+ status=200,
+ )
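Review bot: The WeChat ownership check in `WechatManage.post` is too loose for an endpoint that replaces a password without asking for the old one. `UserInfo.objects.filter(wechat__contains=openid)` is a substring match and `user_info[0]` takes whichever row comes first, so an empty queryset raises IndexError (a 500 instead of a 403). An empty `openid` would also match every row, including unbound accounts whose `wechat` is `""` as written by `delete` just above; whether `OpenId(jscode).get_openid()` can return an empty value on a failed exchange is not visible here and should be confirmed. Assuming the field holds a single openid, scope the lookup to the token's user with an exact match: `bound = UserInfo.objects.filter(user=user, wechat=openid).exists()` followed by `if not openid or not bound: raise ForbiddenException`. Separately, `body["jscode"]` and `body["newpassword"]` raise KeyError on a malformed body, where a 400 response would be clearer.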