diff --git a/src/main/java/com/example/g8backend/controller/ForgotPasswordController.java b/src/main/java/com/example/g8backend/controller/ForgotPasswordController.java
new file mode 100644
index 0000000..1d4cf58
--- /dev/null
+++ b/src/main/java/com/example/g8backend/controller/ForgotPasswordController.java
@@ -0,0 +1,27 @@
+package com.example.g8backend.controller;
+
+import com.example.g8backend.dto.ForgotPasswordDTO;
+import com.example.g8backend.dto.ResetPasswordDTO;
+import com.example.g8backend.service.IForgotPasswordService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/forgot-password")
+public class ForgotPasswordController {
+    @Autowired
+    private IForgotPasswordService forgotPasswordService;
+
+    @PostMapping("/send-code")
+    public ResponseEntity<?> sendCode(@RequestBody ForgotPasswordDTO dto) {
+        forgotPasswordService.sendCodeToEmail(dto.getUsername());
+        return ResponseEntity.ok("验证码已发送到注册邮箱");
+    }
+
+    @PostMapping("/reset")
+    public ResponseEntity<?> resetPassword(@RequestBody ResetPasswordDTO dto) {
+        forgotPasswordService.resetPassword(dto.getUsername(), dto.getCode(), dto.getNewPassword());
+        return ResponseEntity.ok("密码重置成功");
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/controller/UserSecurityController.java b/src/main/java/com/example/g8backend/controller/UserSecurityController.java
new file mode 100644
index 0000000..34bbb96
--- /dev/null
+++ b/src/main/java/com/example/g8backend/controller/UserSecurityController.java
@@ -0,0 +1,24 @@
+package com.example.g8backend.controller;
+
+import com.example.g8backend.dto.PasswordChangeDTO;
+import com.example.g8backend.service.IUserSecurityService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/user/security")
+public class UserSecurityController {
+    @Autowired
+    private IUserSecurityService userSecurityService;
+
+    @PutMapping("/change-password")
+    public ResponseEntity<?> changePassword(@RequestBody PasswordChangeDTO dto) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        Long userId = (Long) authentication.getPrincipal();
+        userSecurityService.changePassword(userId, dto.getOldPassword(), dto.getNewPassword());
+        return ResponseEntity.ok("密码修改成功");
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/dto/ForgotPasswordDTO.java b/src/main/java/com/example/g8backend/dto/ForgotPasswordDTO.java
new file mode 100644
index 0000000..d9eb3ce
--- /dev/null
+++ b/src/main/java/com/example/g8backend/dto/ForgotPasswordDTO.java
@@ -0,0 +1,8 @@
+package com.example.g8backend.dto;
+
+import lombok.Data;
+
+@Data
+public class ForgotPasswordDTO {
+    private String username;
+}
diff --git a/src/main/java/com/example/g8backend/dto/PasswordChangeDTO.java b/src/main/java/com/example/g8backend/dto/PasswordChangeDTO.java
new file mode 100644
index 0000000..7a96ccf
--- /dev/null
+++ b/src/main/java/com/example/g8backend/dto/PasswordChangeDTO.java
@@ -0,0 +1,9 @@
+package com.example.g8backend.dto;
+
+import lombok.Data;
+
+@Data
+public class PasswordChangeDTO {
+    private String oldPassword;
+    private String newPassword;
+}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/dto/ResetPasswordDTO.java b/src/main/java/com/example/g8backend/dto/ResetPasswordDTO.java
new file mode 100644
index 0000000..2fa008c
--- /dev/null
+++ b/src/main/java/com/example/g8backend/dto/ResetPasswordDTO.java
@@ -0,0 +1,10 @@
+package com.example.g8backend.dto;
+
+import lombok.Data;
+
+@Data
+public class ResetPasswordDTO {
+    private String username;
+    private String code;
+    private String newPassword;
+}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/service/IForgotPasswordService.java b/src/main/java/com/example/g8backend/service/IForgotPasswordService.java
new file mode 100644
index 0000000..af865ae
--- /dev/null
+++ b/src/main/java/com/example/g8backend/service/IForgotPasswordService.java
@@ -0,0 +1,6 @@
+package com.example.g8backend.service;
+
+public interface IForgotPasswordService {
+    void sendCodeToEmail(String username);
+    boolean resetPassword(String username, String code, String newPassword);
+}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/service/IUserSecurityService.java b/src/main/java/com/example/g8backend/service/IUserSecurityService.java
new file mode 100644
index 0000000..0ac40dc
--- /dev/null
+++ b/src/main/java/com/example/g8backend/service/IUserSecurityService.java
@@ -0,0 +1,5 @@
+package com.example.g8backend.service;
+
+public interface IUserSecurityService {
+    boolean changePassword(Long userId, String oldPassword, String newPassword);
+}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/service/impl/ForgotPasswordServiceImpl.java b/src/main/java/com/example/g8backend/service/impl/ForgotPasswordServiceImpl.java
new file mode 100644
index 0000000..f75617b
--- /dev/null
+++ b/src/main/java/com/example/g8backend/service/impl/ForgotPasswordServiceImpl.java
@@ -0,0 +1,66 @@
+package com.example.g8backend.service.impl;
+
+import com.example.g8backend.entity.User;
+import com.example.g8backend.mapper.UserMapper;
+import com.example.g8backend.service.IForgotPasswordService;
+import com.example.g8backend.util.mailUtil;  // 导入 mailUtil
+import jakarta.annotation.Resource;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+
+@Service
+public class ForgotPasswordServiceImpl implements IForgotPasswordService {
+
+    @Resource
+    private UserMapper userMapper;
+
+    @Resource
+    private RedisTemplate<String, String> redisTemplate;
+
+    @Resource
+    private PasswordEncoder passwordEncoder;
+
+    @Resource
+    private mailUtil mailUtil;  // 注入 mailUtil
+
+    @Override
+    public void sendCodeToEmail(String username) {
+        User user = userMapper.getUserByName(username);
+        if (user == null || user.getEmail() == null) throw new RuntimeException("用户不存在或未绑定邮箱");
+
+        // 生成验证码
+        String code = String.valueOf(100000 + new Random().nextInt(900000));
+
+        // 将验证码存储到 Redis
+        redisTemplate.opsForValue().set("reset_code:" + username, code, 10, TimeUnit.MINUTES);
+
+        // 使用 mailUtil 发送邮件
+        String subject = "重置密码验证码";
+        String message = "您的验证码为：" + code + "，10分钟内有效。";
+        mailUtil.sendMail(user.getEmail(), subject, message);  // 发送邮件
+    }
+
+    @Override
+    public boolean resetPassword(String username, String code, String newPassword) {
+        String key = "reset_code:" + username;
+        String realCode = redisTemplate.opsForValue().get(key);
+
+        if (realCode == null || !realCode.equals(code)) throw new RuntimeException("验证码错误或已过期");
+
+        User user = userMapper.getUserByName(username);
+        if (user == null) throw new RuntimeException("用户不存在");
+
+        // 更新密码
+        user.setPassword(passwordEncoder.encode(newPassword));
+
+        // 删除 Redis 中存储的验证码
+        redisTemplate.delete(key);
+
+        // 更新用户信息
+        return userMapper.updateById(user) > 0;
+    }
+}
diff --git a/src/main/java/com/example/g8backend/service/impl/UserSecurityServiceImpl.java b/src/main/java/com/example/g8backend/service/impl/UserSecurityServiceImpl.java
new file mode 100644
index 0000000..e49551f
--- /dev/null
+++ b/src/main/java/com/example/g8backend/service/impl/UserSecurityServiceImpl.java
@@ -0,0 +1,27 @@
+package com.example.g8backend.service.impl;
+
+import com.example.g8backend.entity.User;
+import com.example.g8backend.mapper.UserMapper;
+import com.example.g8backend.service.IUserSecurityService;
+import jakarta.annotation.Resource;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserSecurityServiceImpl implements IUserSecurityService {
+    @Resource
+    private UserMapper userMapper;
+    @Resource
+    private PasswordEncoder passwordEncoder;
+
+    @Override
+    public boolean changePassword(Long userId, String oldPassword, String newPassword) {
+        User user = userMapper.selectById(userId);
+        if (user == null) throw new RuntimeException("用户不存在");
+        if (!passwordEncoder.matches(oldPassword, user.getPassword())) {
+            throw new RuntimeException("原密码错误");
+        }
+        user.setPassword(passwordEncoder.encode(newPassword));
+        return userMapper.updateById(user) > 0;
+    }
+}
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 22f3728..4a4d894 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -3,6 +3,7 @@
 spring.datasource.url=jdbc:mysql://localhost:3306/g8backend
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 spring.sql.init.mode=always
+logging.level.root=DEBUG
 
 mybatis-plus.mapper-locations=classpath*:/mapper/**/*.xml
 
diff --git a/src/main/resources/schema.sql b/src/main/resources/schema.sql
index bf74097..5cb15a5 100644
--- a/src/main/resources/schema.sql
+++ b/src/main/resources/schema.sql
@@ -128,4 +128,4 @@
     PRIMARY KEY (user_id, tag_id),
     FOREIGN KEY (user_id) REFERENCES users(user_id),
     FOREIGN KEY (tag_id) REFERENCES tags(tag_id)
-);
\ No newline at end of file
+);
diff --git a/src/test/java/com/example/g8backend/service/ForgotPasswordServiceImplTest.java b/src/test/java/com/example/g8backend/service/ForgotPasswordServiceImplTest.java
new file mode 100644
index 0000000..05535fd
--- /dev/null
+++ b/src/test/java/com/example/g8backend/service/ForgotPasswordServiceImplTest.java
@@ -0,0 +1,77 @@
+package com.example.g8backend.service;
+
+import com.example.g8backend.entity.User;
+import com.example.g8backend.mapper.UserMapper;
+import com.example.g8backend.service.impl.ForgotPasswordServiceImpl;
+import com.example.g8backend.util.mailUtil; // Import mailUtil
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+public class ForgotPasswordServiceImplTest {
+
+    @Mock
+    private UserMapper userMapper;
+    @Mock
+    private RedisTemplate<String, String> redisTemplate;
+    @Mock
+    private PasswordEncoder passwordEncoder;
+    @Mock
+    private mailUtil mailUtil;  // Mock mailUtil
+
+    @InjectMocks
+    private ForgotPasswordServiceImpl forgotPasswordService;
+
+    @Mock
+    private ValueOperations<String, String> valueOperations; // Mock Redis ValueOperations
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.openMocks(this);
+        when(redisTemplate.opsForValue()).thenReturn(valueOperations); // Mock Redis operations
+    }
+
+    @Test
+    void sendCodeToEmail_Success() {
+        User user = new User();
+        user.setUserName("test");
+        user.setEmail("test@example.com");
+        when(userMapper.getUserByName("test")).thenReturn(user);
+
+        // Call the method under test
+        forgotPasswordService.sendCodeToEmail("test");
+
+        // Verify that mailUtil.sendMail was called once with the expected arguments
+        verify(mailUtil, times(1)).sendMail(eq("test@example.com"), eq("重置密码验证码"), contains("您的验证码"));
+        verify(redisTemplate, times(1)).opsForValue();
+    }
+
+    @Test
+    void resetPassword_Success() {
+        User user = new User();
+        user.setUserName("test");
+        user.setPassword("old");
+        when(userMapper.getUserByName("test")).thenReturn(user);
+        when(redisTemplate.opsForValue().get("reset_code:test")).thenReturn("123456");
+        when(passwordEncoder.encode("newpass")).thenReturn("encodedNew");
+        when(userMapper.updateById(any(User.class))).thenReturn(1);
+
+        boolean result = forgotPasswordService.resetPassword("test", "123456", "newpass");
+        assertTrue(result);
+        verify(redisTemplate, times(1)).delete("reset_code:test");
+    }
+
+    @Test
+    void resetPassword_WrongCode() {
+        when(redisTemplate.opsForValue().get("reset_code:test")).thenReturn("654321");
+        assertThrows(RuntimeException.class, () -> forgotPasswordService.resetPassword("test", "123456", "newpass"));
+    }
+}
diff --git a/src/test/java/com/example/g8backend/service/UserSecurityServiceImplTest.java b/src/test/java/com/example/g8backend/service/UserSecurityServiceImplTest.java
new file mode 100644
index 0000000..f04fbc5
--- /dev/null
+++ b/src/test/java/com/example/g8backend/service/UserSecurityServiceImplTest.java
@@ -0,0 +1,55 @@
+package com.example.g8backend.service;
+
+import com.example.g8backend.entity.User;
+import com.example.g8backend.mapper.UserMapper;
+import com.example.g8backend.service.impl.UserSecurityServiceImpl;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+public class UserSecurityServiceImplTest {
+
+    @Mock
+    private UserMapper userMapper;
+    @Mock
+    private PasswordEncoder passwordEncoder;
+
+    @InjectMocks
+    private UserSecurityServiceImpl userSecurityService;
+
+    private User user;
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.openMocks(this);
+        user = new User();
+        user.setUserId(1L);
+        user.setPassword("encodedOld");
+    }
+
+    @Test
+    void changePassword_Success() {
+        when(userMapper.selectById(1L)).thenReturn(user);
+        when(passwordEncoder.matches("old", "encodedOld")).thenReturn(true);
+        when(passwordEncoder.encode("new")).thenReturn("encodedNew");
+        when(userMapper.updateById(any(User.class))).thenReturn(1);
+
+        boolean result = userSecurityService.changePassword(1L, "old", "new");
+        assertTrue(result);
+        verify(userMapper).updateById(any(User.class));
+    }
+
+    @Test
+    void changePassword_WrongOldPassword() {
+        when(userMapper.selectById(1L)).thenReturn(user);
+        when(passwordEncoder.matches("wrong", "encodedOld")).thenReturn(false);
+
+        assertThrows(RuntimeException.class, () -> userSecurityService.changePassword(1L, "wrong", "new"));
+    }
+}
\ No newline at end of file