diff --git a/cash-api/account-server/src/main/java/com/czg/controller/admin/SysController.java b/cash-api/account-server/src/main/java/com/czg/controller/admin/SysController.java
index 9810de9d..859ef46f 100644
--- a/cash-api/account-server/src/main/java/com/czg/controller/admin/SysController.java
+++ b/cash-api/account-server/src/main/java/com/czg/controller/admin/SysController.java
@@ -75,7 +75,7 @@ public class SysController {
     @SaAdminCheckRole("admin")
     @PutMapping("/pwd")
     public CzgResult<Boolean> editPwd(@RequestBody @Validated SysUserEditPwdDTO sysUserEditPwdDTO) {
-        return CzgResult.success(sysUserService.editPwd(StpKit.USER.getLoginIdAsLong(), sysUserEditPwdDTO));
+        return CzgResult.success(sysUserService.editPwd(sysUserEditPwdDTO));
     }
 
     /**
diff --git a/cash-common/cash-common-service/src/main/java/com/czg/account/dto/user/SysUserEditPwdDTO.java b/cash-common/cash-common-service/src/main/java/com/czg/account/dto/user/SysUserEditPwdDTO.java
index 03d3f83b..96f5ffda 100644
--- a/cash-common/cash-common-service/src/main/java/com/czg/account/dto/user/SysUserEditPwdDTO.java
+++ b/cash-common/cash-common-service/src/main/java/com/czg/account/dto/user/SysUserEditPwdDTO.java
@@ -15,13 +15,12 @@ public class SysUserEditPwdDTO {
     /**
      * ID
      */
-    @NotNull(message = "ID不能为空")
     private Long id;
 
     /**
      * 原密码
      */
-    @NotBlank(message = "原密码不为空")
+//    @NotBlank(message = "原密码不为空")
     private String originalPassword;
 
     /**
diff --git a/cash-common/cash-common-service/src/main/java/com/czg/account/service/SysUserService.java b/cash-common/cash-common-service/src/main/java/com/czg/account/service/SysUserService.java
index 88f64bd3..cf37f045 100644
--- a/cash-common/cash-common-service/src/main/java/com/czg/account/service/SysUserService.java
+++ b/cash-common/cash-common-service/src/main/java/com/czg/account/service/SysUserService.java
@@ -37,6 +37,6 @@ public interface SysUserService extends IService<SysUser> {
 
     SysUserDetailVO detail(Integer id);
 
-    Boolean editPwd(long sysUserId, SysUserEditPwdDTO sysUserEditPwdDTO);
+    Boolean editPwd(SysUserEditPwdDTO sysUserEditPwdDTO);
 
 }
diff --git a/cash-common/cash-common-service/src/main/java/com/czg/order/dto/OrderInfoRefundDTO.java b/cash-common/cash-common-service/src/main/java/com/czg/order/dto/OrderInfoRefundDTO.java
index 1f01401f..50fb9adc 100644
--- a/cash-common/cash-common-service/src/main/java/com/czg/order/dto/OrderInfoRefundDTO.java
+++ b/cash-common/cash-common-service/src/main/java/com/czg/order/dto/OrderInfoRefundDTO.java
@@ -51,6 +51,8 @@ public class OrderInfoRefundDTO implements Serializable {
 
     private String refundReason;
 
+    private String pwd;
+
     /**
      * 退单明细
      * id: orderDetailId
diff --git a/cash-service/account-service/src/main/java/com/czg/service/account/service/impl/SysUserServiceImpl.java b/cash-service/account-service/src/main/java/com/czg/service/account/service/impl/SysUserServiceImpl.java
index 2fe6a1e9..7c6657e9 100644
--- a/cash-service/account-service/src/main/java/com/czg/service/account/service/impl/SysUserServiceImpl.java
+++ b/cash-service/account-service/src/main/java/com/czg/service/account/service/impl/SysUserServiceImpl.java
@@ -41,7 +41,7 @@ import static com.mybatisflex.core.query.QueryMethods.column;
  * @since 2025-02-08
  */
 @Service
-public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>  implements SysUserService {
+public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements SysUserService {
 
     @Resource
     private SysRoleMapper sysRoleMapper;
@@ -206,9 +206,24 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>  imp
     }
 
     @Override
-    public Boolean editPwd(long sysUserId, SysUserEditPwdDTO sysUserEditPwdDTO) {
-        SysUser sysUser = getById(sysUserId);
-        if (!sysUserEditPwdDTO.getPassword().equals(SecureUtil.md5(sysUser.getId() + sysUserEditPwdDTO.getOriginalPassword()))) {
+    public Boolean editPwd(SysUserEditPwdDTO sysUserEditPwdDTO) {
+        SysUser sysUser;
+        if (sysUserEditPwdDTO.getId() == null) {
+            sysUserEditPwdDTO.setId(StpKit.USER.getLoginIdAsLong());
+            sysUser = getById(sysUserEditPwdDTO.getId());
+        } else {
+            sysUser = getById(sysUserEditPwdDTO.getId());
+            if (sysUser.getAccount().contains("@")) {
+                if (!sysUser.getAccount().split("@")[0].equals(StpKit.USER.getShopId().toString())) {
+                    throw new CzgException("修改失败");
+                }
+            } else {
+                throw new CzgException("修改失败");
+            }
+        }
+
+        if (StrUtil.isNotBlank(sysUserEditPwdDTO.getOriginalPassword()) &&
+                !sysUserEditPwdDTO.getPassword().equals(SecureUtil.md5(sysUser.getId() + sysUserEditPwdDTO.getOriginalPassword()))) {
             throw new ApiNotPrintException("原密码不正确");
         }
 
diff --git a/cash-service/order-service/src/main/java/com/czg/service/order/dto/VipRefundDTO.java b/cash-service/order-service/src/main/java/com/czg/service/order/dto/VipRefundDTO.java
index 72f486b8..6b07b5c8 100644
--- a/cash-service/order-service/src/main/java/com/czg/service/order/dto/VipRefundDTO.java
+++ b/cash-service/order-service/src/main/java/com/czg/service/order/dto/VipRefundDTO.java
@@ -45,4 +45,5 @@ public class VipRefundDTO implements Serializable {
 
 
     private String platformType;
+    private String pwd;
 }
diff --git a/cash-service/order-service/src/main/java/com/czg/service/order/service/impl/PayServiceImpl.java b/cash-service/order-service/src/main/java/com/czg/service/order/service/impl/PayServiceImpl.java
index b5de5d34..fd06f4c7 100644
--- a/cash-service/order-service/src/main/java/com/czg/service/order/service/impl/PayServiceImpl.java
+++ b/cash-service/order-service/src/main/java/com/czg/service/order/service/impl/PayServiceImpl.java
@@ -5,6 +5,7 @@ import cn.hutool.core.convert.Convert;
 import cn.hutool.core.exceptions.ValidateException;
 import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
 import com.alibaba.fastjson2.JSON;
 import com.alibaba.fastjson2.JSONObject;
 import com.czg.account.dto.shopuser.ShopUserMoneyEditDTO;
@@ -466,6 +467,13 @@ public class PayServiceImpl implements PayService {
 
     @Override
     public CzgResult<Object> refundVip(VipRefundDTO refPayParam) {
+        ShopInfo shopInfo = shopInfoService.getById(refPayParam.getShopId());
+        if (shopInfo.getIsReturnPwd().equals(1)) {
+            AssertUtil.isBlank(shopInfo.getOperationPwd(), "请设置操作密码后使用");
+            if (!SecureUtil.md5(refPayParam.getPwd()).equals(shopInfo.getOperationPwd())) {
+                throw new CzgException("操作密码错误");
+            }
+        }
         ShopUser shopUser = shopUserService.getShopUserInfo(refPayParam.getShopId(), refPayParam.getUserId());
         ShopUserFlow inFlow = userFlowService.getById(refPayParam.getFlowId());
         AssertUtil.isNull(inFlow, "充值记录不存在");
@@ -549,6 +557,13 @@ public class PayServiceImpl implements PayService {
     @Transactional
     public CzgResult<Object> refundOrderBefore(OrderInfoRefundDTO param) {
         OrderInfo orderInfo = orderInfoService.getById(param.getOrderId());
+        ShopInfo shopInfo = shopInfoService.getById(orderInfo.getShopId());
+        if (shopInfo.getIsReturnPwd().equals(1)) {
+            AssertUtil.isBlank(shopInfo.getOperationPwd(), "请设置操作密码后使用");
+            if (!SecureUtil.md5(param.getPwd()).equals(shopInfo.getOperationPwd())) {
+                throw new CzgException("操作密码错误");
+            }
+        }
         Map<String, BigDecimal> returnProMap = new HashMap<>();
         boolean isPay = true;
         String refPayOrderNo = "REFO" + IdUtil.getSnowflakeNextId();