diff --git a/apps/users/serializers/v1.py b/apps/users/serializers/v1.py
index 63fe52699..864618823 100644
--- a/apps/users/serializers/v1.py
+++ b/apps/users/serializers/v1.py
@@ -36,7 +36,7 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
             'date_password_last_updated', 'date_expired', 'avatar_url',
         ]
         extra_kwargs = {
-            'password': {'write_only': True, 'required': False},
+            'password': {'write_only': True, 'required': False, 'allow_null': True, 'allow_blank': True},
             'public_key': {'write_only': True},
             'groups_display': {'label': _('Groups name')},
             'source_display': {'label': _('Source name')},
@@ -56,13 +56,17 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
             raise serializers.ValidationError(msg)
         return value
 
-    @staticmethod
-    def validate_password(value):
+    def validate_password(self, password):
         from ..utils import check_password_rules
-        if not check_password_rules(value):
+        password_strategy = self.initial_data.get('password_strategy')
+        if password_strategy == '0':
+            return
+        if password_strategy is None and not password:
+            return
+        if not check_password_rules(password):
             msg = _('Password does not match security rules')
             raise serializers.ValidationError(msg)
-        return value
+        return password
 
     @staticmethod
     def change_password_to_raw(validated_data):
diff --git a/apps/users/templates/users/user_create.html b/apps/users/templates/users/user_create.html
index 13bb26cbc..5e15b5469 100644
--- a/apps/users/templates/users/user_create.html
+++ b/apps/users/templates/users/user_create.html
@@ -4,9 +4,7 @@
 {% block user_template_title %}{% trans "Create user" %}{% endblock %}
 {% block password %}
     {% bootstrap_field form.password_strategy layout="horizontal" %}
-    <div class="form-group" id="custom_password">
-        {% bootstrap_field form.password layout="horizontal" %}
-    </div>
+    {% bootstrap_field form.password layout="horizontal" %}
     {#  密码popover  #}
     <div id="container">
         <div class="popover fade bottom in" role="tooltip" id="popover777" style=" display: none; width:260px;">
@@ -29,7 +27,7 @@ function passwordCheck() {
         progress = $('#id_progress'),
         password_check_rules = {{ password_check_rules|safe }},
         minLength = 6,
-        top = idPassword.offset().top - $('.navbar').outerHeight(true) - $('.page-heading').outerHeight(true) - 10 + 34,
+        top = idPassword.offset().top - $('.navbar').outerHeight(true) - $('.page-heading').outerHeight(true) -77 + 34,
         left = 377,
         i18n_fallback = {
             "veryWeak": "{% trans 'Very weak' %}",
@@ -67,9 +65,9 @@ var password_strategy_radio_input = 'input[type=radio][name=password_strategy]';
 function passwordStrategyFieldsDisplay(){
     var val = $('input:radio[name="password_strategy"]:checked').val();
     if(val === '0'){
-        $('#custom_password').addClass('hidden')
+        $('#id_password').parents('.form-group').addClass('hidden')
     }else {
-        $('#custom_password').removeClass('hidden')
+        $('#id_password').parents('.form-group').removeClass('hidden')
     }
 }
 $(document).ready(function () {
@@ -78,7 +76,25 @@ $(document).ready(function () {
 
 }).on('change', password_strategy_radio_input, function(){
         passwordStrategyFieldsDisplay()
-   })
+})
+.on("submit", "form", function (evt) {
+    evt.preventDefault();
+    var the_url = '{% url 'api-users:user-list' %}';
+    var redirect_to = '{% url "users:user-list" %}';
+    var method = "POST";
+    var form = $("form");
+    var data = form.serializeObject();
+    objectAttrsIsList(data, ['groups']);
+    objectAttrsIsDatetime(data,['date_expired']);
+    var props = {
+        url: the_url,
+        data: data,
+        method: method,
+        form: form,
+        redirect_to: redirect_to
+     };
+    formSubmit(props);
+})
 </script>
 {% endblock %}
 
diff --git a/apps/users/templates/users/user_update.html b/apps/users/templates/users/user_update.html
index cc4855e1f..67c7c155c 100644
--- a/apps/users/templates/users/user_update.html
+++ b/apps/users/templates/users/user_update.html
@@ -29,58 +29,76 @@
 {% block custom_foot_js %}
     {{ block.super }}
 <script>
-    function passwordCheck() {
-        if ($('#id_password').length != 1) {
-            return
-        }
-        var el = $('#id_password_rules'),
-            idPassword = $('#id_password'),
-            idPopover = $('#popover777'),
-            container = $('#container'),
-            progress = $('#id_progress'),
-            password_check_rules = {{ password_check_rules|safe }},
-            minLength = 6,
-            top = idPassword.offset().top - $('.navbar').outerHeight(true) - $('.page-heading').outerHeight(true) - 10 + 34,
-            left = 377,
-            i18n_fallback = {
-                "veryWeak": "{% trans 'Very weak' %}",
-                "weak": "{% trans 'Weak' %}",
-                "normal": "{% trans 'Normal' %}",
-                "medium": "{% trans 'Medium' %}",
-                "strong": "{% trans 'Strong' %}",
-                "veryStrong": "{% trans 'Very strong' %}"
-            };
-
-        $.each(password_check_rules, function (idx, rules) {
-            if(rules.key === 'id_security_password_min_length'){
-                minLength = rules.value
-            }
-        });
-
-        // 初始化popover
-        initPopover(container, progress, idPassword, el, password_check_rules, i18n_fallback);
-
-        // 监听事件
-        idPassword.on('focus', function () {
-            idPopover.css('top', top);
-            idPopover.css('left', left);
-            idPopover.css('display', 'block');
-        });
-        idPassword.on('blur', function () {
-            idPopover.css('display', 'none');
-        });
-        idPassword.on('keyup', function(){
-            var password = idPassword.val();
-            checkPasswordRules(password, minLength);
-        });
+function passwordCheck() {
+    if ($('#id_password').length != 1) {
+        return
     }
-    $(document).ready(function(){
-        passwordCheck();
+    var el = $('#id_password_rules'),
+        idPassword = $('#id_password'),
+        idPopover = $('#popover777'),
+        container = $('#container'),
+        progress = $('#id_progress'),
+        password_check_rules = {{ password_check_rules|safe }},
+        minLength = 6,
+        top = idPassword.offset().top - $('.navbar').outerHeight(true) - $('.page-heading').outerHeight(true) - 10 + 34,
+        left = 377,
+        i18n_fallback = {
+            "veryWeak": "{% trans 'Very weak' %}",
+            "weak": "{% trans 'Weak' %}",
+            "normal": "{% trans 'Normal' %}",
+            "medium": "{% trans 'Medium' %}",
+            "strong": "{% trans 'Strong' %}",
+            "veryStrong": "{% trans 'Very strong' %}"
+        };
 
-        var origin_text = $("#password_help_text").text();
-        var new_text = origin_text.replace('{}', "{{ object.source_display }}");
-        $("#password_help_text").html(new_text);
+    $.each(password_check_rules, function (idx, rules) {
+        if(rules.key === 'id_security_password_min_length'){
+            minLength = rules.value
+        }
+    });
 
-    })
+    // 初始化popover
+    initPopover(container, progress, idPassword, el, password_check_rules, i18n_fallback);
+
+    // 监听事件
+    idPassword.on('focus', function () {
+        idPopover.css('top', top);
+        idPopover.css('left', left);
+        idPopover.css('display', 'block');
+    });
+    idPassword.on('blur', function () {
+        idPopover.css('display', 'none');
+    });
+    idPassword.on('keyup', function(){
+        var password = idPassword.val();
+        checkPasswordRules(password, minLength);
+    });
+}
+$(document).ready(function(){
+    passwordCheck();
+
+    var origin_text = $("#password_help_text").text();
+    var new_text = origin_text.replace('{}', "{{ object.source_display }}");
+    $("#password_help_text").html(new_text);
+
+})
+.on("submit", "form", function (evt) {
+    evt.preventDefault();
+    var the_url = '{% url 'api-users:user-detail' pk=object.id %}';
+    var redirect_to = '{% url "users:user-list" %}';
+    var method = "PUT";
+    var form = $("form");
+    var data = form.serializeObject();
+    objectAttrsIsList(data, ['groups']);
+    objectAttrsIsDatetime(data,['date_expired']);
+    var props = {
+        url: the_url,
+        data: data,
+        method: method,
+        form: form,
+        redirect_to: redirect_to
+     };
+    formSubmit(props);
+})
 </script>
 {% endblock %}