diff --git a/juser/user_api.py b/juser/user_api.py
index 59815185a..c9f82325c 100644
--- a/juser/user_api.py
+++ b/juser/user_api.py
@@ -129,7 +129,7 @@ def gen_ssh_key(username, password='',
     生成一个用户ssh密钥对
     """
     logger.debug('生成ssh key， 并设置authorized_keys')
-    private_key_file = os.path.join(key_dir, username+'pem')
+    private_key_file = os.path.join(key_dir, username+'.pem')
     mkdir(key_dir, mode=0700)
     if os.path.isfile(private_key_file):
         os.unlink(private_key_file)
@@ -142,7 +142,7 @@ def gen_ssh_key(username, password='',
         with open(private_key_file+'.pub') as pub_f:
             with open(authorized_key_file, 'w') as auth_f:
                 auth_f.write(pub_f.read())
-        os.chmod(authorized_key_file, mode=0600)
+        os.chmod(authorized_key_file, 0600)
         chown(authorized_key_file, username)
 
 
@@ -166,7 +166,7 @@ def user_add_mail(user, kwargs):
     mail_msg = u"""
     Hi, %s
         您的用户名： %s
-        您的角色： %s
+        您的权限： %s
         您的web登录密码： %s
         您的ssh密钥文件密码： %s
         密钥下载地址： %s/juser/down_key/?uuid=%s
diff --git a/juser/views.py b/juser/views.py
index 0c5017e64..12febbf7e 100644
--- a/juser/views.py
+++ b/juser/views.py
@@ -4,7 +4,7 @@
 
 # import random
 # from Crypto.PublicKey import RSA
-import uuid as uuid_r
+import uuid
 from django.contrib.auth.decorators import login_required
 
 from django.db.models import Q
@@ -158,7 +158,7 @@ def user_add(request):
         groups = request.POST.getlist('groups', [])
         admin_groups = request.POST.getlist('admin_groups', [])
         role = request.POST.get('role', 'CU')
-        uuid = uuid_r.uuid1()
+        uuid_r = uuid.uuid1()
         ssh_key_pwd = PyCrypt.gen_rand_pass(16)
         extra = request.POST.getlist('extra', [])
         is_active = False if '0' in extra else True
@@ -180,7 +180,7 @@ def user_add(request):
             try:
                 user = db_add_user(username=username, name=name,
                                    password=password,
-                                   email=email, role=role, uuid=uuid,
+                                   email=email, role=role, uuid=uuid_r,
                                    groups=groups, admin_groups=admin_groups,
                                    ssh_key_pwd=ssh_key_pwd,
                                    is_active=is_active,
@@ -262,18 +262,16 @@ def user_del(request):
     for user_id in user_id_list:
         user = get_object(User, id=user_id)
         if user:
-            # TODO: annotation by liuzheng, because useless for me
-            # assets = user_permed(user)
-            # result = _public_perm_api({'type': 'del_user', 'user': user, 'asset': assets})
-            # print result
+            logger.debug("删除用户 %s " % user.username)
+            bash('userdel -r %s' % user.username)
             user.delete()
     return HttpResponse('删除成功')
 
 
 @require_role('admin')
 def send_mail_retry(request):
-    user_uuid = request.GET.get('uuid', '1')
-    user = get_object(User, uuid=user_uuid)
+    uuid_r = request.GET.get('uuid', '1')
+    user = get_object(User, uuid=uuid_r)
     msg = u"""
     跳板机地址： %s
     用户名：%s
@@ -315,19 +313,14 @@ def reset_password(request):
     hash_encode = request.GET.get('hash', '')
     action = '/juser/reset_password/?uuid=%s&timestamp=%s&hash=%s' % (uuid_r, timestamp, hash_encode)
 
-    if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
-        if int(time.time()) - int(timestamp) > 600:
-            return http_error(request, u'链接已超时')
-        else:
-            return render_to_response('juser/reset_password.html', locals())
-
     if request.method == 'POST':
         password = request.POST.get('password')
         password_confirm = request.POST.get('password_confirm')
+        print password, password_confirm
         if password != password_confirm:
             return HttpResponse('密码不匹配')
         else:
-            user = get_object(User, uuid=uuid)
+            user = get_object(User, uuid=uuid_r)
             if user:
                 user.password = PyCrypt.md5_crypt(password)
                 user.save()
@@ -335,6 +328,12 @@ def reset_password(request):
             else:
                 return HttpResponse('用户不存在')
 
+    if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
+        if int(time.time()) - int(timestamp) > 600:
+            return http_error(request, u'链接已超时')
+        else:
+            return render_to_response('juser/reset_password.html', locals())
+
     return http_error(request, u'错误请求')
 
 
@@ -398,7 +397,6 @@ def user_edit(request):
             send_mail('您的信息已修改', msg, MAIL_FROM, [email], fail_silently=False)
 
         return HttpResponseRedirect('/juser/user_list/')
-
     return my_render('juser/user_edit.html', locals(), request)
 
 
@@ -447,8 +445,8 @@ def change_info(request):
 
 @require_role(role='user')
 def regen_ssh_key(request):
-    uuid = request.GET.get('uuid', '')
-    user = get_object(User, uuid=uuid)
+    uuid_r = request.GET.get('uuid', '')
+    user = get_object(User, uuid=uuid_r)
     if not user:
         return HttpResponse('没有该用户')
 
diff --git a/templates/juser/forget_password.html b/templates/juser/forget_password.html
index 78606a98d..88410fdca 100644
--- a/templates/juser/forget_password.html
+++ b/templates/juser/forget_password.html
@@ -15,9 +15,9 @@
 
 <body class="gray-bg">
 
-<div class="lock-word animated fadeInDown">
-    <span class="first-word">Jumperver</span>
-</div>
+    <div class="lock-word animated fadeInDown">
+        <span class="first-word">Jumperver</span>
+    </div>
     <div class="middle-box text-center lockscreen animated fadeInDown">
         <div>
             <div class="m-b-md">
@@ -47,7 +47,5 @@
     <script src="/static/js/jquery-2.1.1.js"></script>
     <script src="/static/js/bootstrap.min.js"></script>
 
-
-
-
-</body></html>
\ No newline at end of file
+</body>
+</html>
\ No newline at end of file
diff --git a/templates/juser/reset_password.html b/templates/juser/reset_password.html
index 83c43a4d3..6228d7dc6 100644
--- a/templates/juser/reset_password.html
+++ b/templates/juser/reset_password.html
@@ -1,4 +1,5 @@
-<html><head>
+<html>
+<head>
 
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
@@ -10,8 +11,8 @@
     <link href="/static/css/animate.css" rel="stylesheet">
     <link href="/static/css/style.css" rel="stylesheet">
 
-
-<style type="text/css"></style></head>
+    <style type="text/css"></style>
+</head>
 
 <body class="gray-bg">
 
@@ -31,8 +32,8 @@
             <h3>请输入新密码</h3>
             <form class="m-t" role="form" id="restForm" action="{{ action }}" method="post">
                 <div class="form-group">
-                    <input type="password" name='password' class="form-control" placeholder="New Password" required="">
-                    <input type="password" name='password_confirm' class="form-control" placeholder="Password Confirm" required="">
+                    <input type="password" name='password' class="form-control" placeholder="New Password">
+                    <input type="password" name='password_confirm' class="form-control" placeholder="Password Confirm">
                 </div>
                 <button type="submit" class="btn btn-primary block full-width">确定</button>
             </form>
@@ -42,23 +43,25 @@
     <script src="/static/js/jquery-2.1.1.js"></script>
     <script src="/static/js/bootstrap.min.js"></script>
     <script src="/static/js/validator/jquery.validator.js"></script>
+
     <script>
         $('#restForm').validator({
         timely: 2,
         theme: "yellow_right_effect",
         rules: {
-            check_pass: [/^\w+$/, '数字和字符']
+            check_pass: [/^\w{8,50}$/, '数字和字符,8-50位']
         },
-
         fields: {
             "password": {
-                rule: "length[6~50];check_pass",
+                rule: "required;check_pass",
                 tip: "输入密码",
                 ok: "",
                 msg: {required: "必须填写!"}
             },
             'password_confirm': {
-                rule: "match[password]"
+                rule: "required;check_pass;",
+                tip: '确认密码',
+                msg: {required: "必须填写!"}
             }
         },
         valid: function(form) {