diff --git a/server/proj/account/schemas.py b/server/proj/account/schemas.py
index c7a1d96..f5631ae 100644
--- a/server/proj/account/schemas.py
+++ b/server/proj/account/schemas.py
@@ -3,19 +3,25 @@ import coreapi
 import coreschema
-""" class PlayListSchema(AutoSchema):
+class UpdateUserSchema(AutoSchema):
 def get_serializer_fields(self, path, method):
 return [
 coreapi.Field(
- name='playlist_id',
+ name='email',
 location='form',
 required=False,
- schema=coreschema.Integer(description='ID плейлиста')
+ schema=coreschema.String(description='Email пользователя')
 ),
 coreapi.Field(
- name='songs_id',
+ name='old_password',
 location='form',
 required=False,
- schema=coreschema.Array(description='ID треков')
+ schema=coreschema.String(description='Старый пароль')
 ),
- ] """
\ No newline at end of file
+ coreapi.Field(
+ name='password',
+ location='form',
+ required=False,
+ schema=coreschema.String(description='Новый пароль')
+ ),
+ ]
\ No newline at end of file
diff --git a/server/proj/account/views.py b/server/proj/account/views.py
index 2f20787..59887c5 100644
--- a/server/proj/account/views.py
+++ b/server/proj/account/views.py
@@ -5,10 +5,13 @@ from rest_framework_simplejwt.views import TokenObtainPairView
 from rest_framework.decorators import action
 from rest_framework import status
 from django.core.mail import send_mail
-from django.contrib.auth.hashers import make_password
+from django.contrib.auth.hashers import make_password, check_password
 from conf import settings
 from account.serializers import MyUserSerializer, MyTokenObtainPairSerializer
 from account.models import MyUser
+from .schemas import UpdateUserSchema
+
+
 PermissionClass = IsAuthenticated if not settings.DEBUG else AllowAny
 class MyTokenObtainPairView(TokenObtainPairView):
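Review bot: `old_password` is declared with `required=False` in `UpdateUserSchema`, but the `update_user` view changed in views.py reads `request.data['old_password']` on every call, so the generated API description understates the contract; declare that field with `required=True`. The `email` field is advertised here although the view deletes `email` from the payload before saving, so clients are told they can submit a value that is silently dropped; remove the field or describe it as ignored. A one-line class docstring such as `"""Form fields accepted by the update_user action."""` would also make the purpose of the schema clear.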
@@ -53,17 +56,21 @@ class MyUserViewSet(ViewSet):
 token_serializer.is_valid(raise_exception=True)
 return Response(token_serializer.validated_data, status=status.HTTP_201_CREATED)
- @action(detail=False, methods=['post'])
+ @action(detail=False, methods=['post'], schema=UpdateUserSchema())
 def update_user(self, request):
- if 'email' in request.data:
- del request.data['email']
- if 'password' in request.data:
- request.data['password'] = make_password(request.data['password'])
- serializer = MyUserSerializer(request.user, data=request.data, partial=True)
- serializer.is_valid(raise_exception=True)
- serializer.save()
+ password = request.user.password
- return Response(serializer.data)
+ if check_password(request.data['old_password'], password):
+ if 'email' in request.data:
+ del request.data['email']
+ if 'password' in request.data:
+ request.data['password'] = make_password(request.data['password'])
+ serializer = MyUserSerializer(request.user, data=request.data, partial=True)
+ serializer.is_valid(raise_exception=True)
+ serializer.save()
+ return Response(serializer.data)
+ else:
+ return Response({'error':'Неверный старый пароль'}, status=status.HTTP_400_BAD_REQUEST)
 @action(detail=False, methods=['post'])
 def password_reset_user(self, request):
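Review bot: `request.data['old_password']` in `update_user` is indexed unconditionally, so a request that omits the field raises a key error and would surface as an unhandled 500 instead of the 400 returned by the `else` branch; use `if check_password(request.data.get('old_password'), password):`, since `check_password` returns False for a `None` password. The new password is hashed with `make_password` without first going through `django.contrib.auth.password_validation.validate_password`, so any configured password validators are not applied on this path. The handler still mutates `request.data` in place (`del` and item assignment), which would fail on the immutable QueryDict that form-encoded requests produce, and the schema declares `location='form'`; copying the allowed keys into a separate dict for the serializer avoids that. Whether previously issued JWTs stay valid after a password change, and whether this endpoint is throttled against repeated `old_password` guesses, is not visible in the hunk and is worth confirming.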