diff --git a/src/controllers/user.js b/src/controllers/user.js
index 49a4864..584ef8c 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@@ -7,6 +7,7 @@ import ProductService from '../services/product.js';
 import translate from '../utils/translate.js';
 import responseCodes from '../response/responseCodes.js';
 import customError from '../response/customError.js';
+import jwt from 'jsonwebtoken';
 
 const TAG = "/controllers/userjs"
 
@@ -40,6 +41,23 @@ class UserController {
 
         return res.status(200).send(result);
     }
+
+    async changeUsername(req, res) {
+        const userId = jwt.decode(req.headers.authorization.split(' ')[1]).login.id
+        const { username } = req.body;
+
+        await UserService.changeUsername(userId, username);
+
+        return res.status(200).send(translate(req.headers["accept-language"], responseCodes.responses.general.ok))
+    }
+
+    async changePassword(req, res) {
+        const userId = jwt.decode(req.headers.authorization.split(' ')[1]).login.id
+        const { password } = req.body;
+
+        await UserService.changePassword(userId, password);
+        return res.status(200).send(translate(req.headers["accept-language"], responseCodes.responses.general.ok))
+    }
 }
 
 export default new UserController()
\ No newline at end of file
diff --git a/src/routers/user.js b/src/routers/user.js
index ff3439c..3f72e4d 100644
--- a/src/routers/user.js
+++ b/src/routers/user.js
@@ -8,5 +8,7 @@ const UserRouter = new Router();
 UserRouter.post('/register', tryHandler(auth.requireUsername), tryHandler(auth.requirePassword), tryHandler(UserController.register));
 UserRouter.post('/login', tryHandler(auth.requireUsername), tryHandler(auth.requirePassword), tryHandler(UserController.login));
 UserRouter.get('/synchronize/:groupId', tryHandler(auth.authenticate), tryHandler(auth.userIsInGroup), tryHandler(UserController.synchronize));
+UserRouter.post('/changeUsername', tryHandler(auth.authenticate), tryHandler(auth.requireUsername), tryHandler(UserController.changeUsername));
+UserRouter.post('/changePassword', tryHandler(auth.authenticate), tryHandler(auth.requirePassword), tryHandler(UserController.changePassword));
 
 export default UserRouter;
\ No newline at end of file
diff --git a/src/services/user.js b/src/services/user.js
index 5b16367..7c903d5 100644
--- a/src/services/user.js
+++ b/src/services/user.js
@@ -31,6 +31,14 @@ class UserService {
         if (await (this.isInGroup(userId, groupId))) throw new customError(`joinGroup user already in group`, responseCodes.responses.user.already_in_group);
         await db.query("UPDATE Users SET groups = array_append(groups, $1::integer) WHERE ID = $2", [groupId, userId]);
     }
+
+    async changeUsername(userId, username) {
+        await db.query("UPDATE users SET username = $1 WHERE id = $2", [username, userId]).catch(e => errorHandler(e, "user"));
+    }
+
+    async changePassword(userId, password) {
+        await db.query("UPDATE users SET password = $1 WHERE id = $2", [bcrypt.hashSync(password, 12), userId])
+    }
 }
 
 export default new UserService();
\ No newline at end of file