diff --git a/src/auth.py b/src/auth.py
index b87bf22..cade34e 100644
--- a/src/auth.py
+++ b/src/auth.py
@@ -48,8 +48,12 @@ def create_user():
 
 @auth.route("/user/<user_id>", methods=["POST"])
 @login_required
-def update_user():
-    return
+def update_user(user_id):
+    user = User.query.get_or_404(user_id)
+    user.use_name = request.get_json()["username"]
+    user.set_password(request.get_json()["password"])
+    db.session.commit()
+    return jsonify(user.to_dict()), 200
 
 @auth.route("/user/<user_id>", methods=["DELETE"])
 @login_required
diff --git a/src/user_model.py b/src/user_model.py
index bbc1299..0dd92dd 100644
--- a/src/user_model.py
+++ b/src/user_model.py
@@ -23,7 +23,7 @@ class User(UserMixin, db.Model):
         return check_password_hash(self.password_hash, password)
 
     def to_dict(self):
-        return {"username": self.user_name, "authenticated": self.is_authenticated}
+        return {"id": self.id, "username": self.user_name, "authenticated": self.is_authenticated}
 
 class Session(db.Model):