diff --git a/controller/message.go b/controller/message.go
index d8bb3ca..c66cf50 100644
--- a/controller/message.go
+++ b/controller/message.go
@@ -57,9 +57,16 @@ func pushMessageHelper(c *gin.Context, message *channel.Message) {
})
return
}
- if user.Token != "" {
+ if user.Token != "" && user.Token != " " {
if message.Token == "" {
message.Token = c.Request.Header.Get("Authorization")
+ if message.Token == "" {
+ c.JSON(http.StatusForbidden, gin.H{
+ "success": false,
+ "message": "token 为空",
+ })
+ return
+ }
}
if user.Token != message.Token {
c.JSON(http.StatusForbidden, gin.H{
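Review bot: `if user.Token != message.Token` compares a bearer secret with a plain `!=`, which returns on the first differing byte; use `if subtle.ConstantTimeCompare([]byte(user.Token), []byte(message.Token)) != 1 {` (import `crypto/subtle`). The `" "` sentinel tested on the first changed line is a magic value that UpdateSelf in controller/user.go also writes; give it a named constant in package model so the two sites cannot drift. The deleted ValidateUserToken stripped a `Bearer ` prefix from the Authorization header, while this path compares the raw header value, so a client sending `Authorization: Bearer <token>` would now be rejected — presumably intended, but worth confirming. pushMessageHelper starts and ends outside the hunk.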
diff --git a/controller/user.go b/controller/user.go
index 87d5870..b68a4c1 100644
--- a/controller/user.go
+++ b/controller/user.go
@@ -350,7 +350,9 @@ func UpdateSelf(c *gin.Context) {
})
return
}
-
+ if user.Password == "" {
+ user.Password = "$I_LOVE_U" // make Validator happy :)
+ }
if err := common.Validate.Struct(&user); err != nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
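Review bot: The placeholder written at `user.Password = "$I_LOVE_U"` is indistinguishable from a user genuinely submitting that password, and the second hunk of this file rolls any such value back to empty, so that user's password change is silently dropped. Validate without the placeholder by skipping the field when it is blank, e.g. `if user.Password == "" { err = common.Validate.StructExcept(&user, "Password") } else { err = common.Validate.Struct(&user) }`, or put `omitempty` in the Password field's validate tag. UpdateSelf starts and ends outside the hunk.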
@@ -364,8 +366,15 @@ func UpdateSelf(c *gin.Context) {
Username: user.Username,
Password: user.Password,
DisplayName: user.DisplayName,
+ Token: user.Token,
+ }
+ if cleanUser.Token == "" {
+ cleanUser.Token = " " // this is because gorm will ignore zero value
+ }
+ if user.Password == "$I_LOVE_U" {
+ user.Password = "" // rollback to what it should be
+ cleanUser.Password = ""
}
-
updatePassword := user.Password != ""
if err := cleanUser.Update(updatePassword); err != nil {
c.JSON(http.StatusOK, gin.H{
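Review bot: `cleanUser.Token = " "` stores a sentinel in the database that every reader must special-case (pushMessageHelper in controller/message.go already does), and nothing downstream can distinguish "no token" from a token consisting of one space. If `cleanUser.Update` goes through gorm's `Updates`, which skips zero-value fields, the cleaner fix is to select the column explicitly for that call (gorm's `Select("token")` writes the zero value) and keep an empty `Token` as the "unset" state. The password rollback on the last added lines exists only because of the placeholder raised at the previous hunk; once that placeholder is gone these three lines go too. UpdateSelf starts and ends outside the hunk.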
diff --git a/middleware/auth.go b/middleware/auth.go
index e938a2c..ef9dbd7 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -16,7 +16,7 @@ func authHelper(c *gin.Context, minRole int) {
if username == nil {
c.JSON(http.StatusOK, gin.H{
"success": false,
- "message": "无权进行此操作,未登录或 token 无效",
+ "message": "无权进行此操作,用户未登录",
})
c.Abort()
return
@@ -32,7 +32,7 @@ func authHelper(c *gin.Context, minRole int) {
if role.(int) < minRole {
c.JSON(http.StatusOK, gin.H{
"success": false,
- "message": "无权进行此操作,未登录或 token 无效,或没有权限",
+ "message": "无权进行此操作,用户未登录或没有权限",
})
c.Abort()
return
diff --git a/model/user.go b/model/user.go
index b7df409..d1703eb 100644
--- a/model/user.go
+++ b/model/user.go
@@ -3,7 +3,6 @@ package model
import (
"errors"
"message-pusher/common"
- "strings"
)
type User struct {
@@ -13,7 +12,7 @@ type User struct {
DisplayName string `json:"display_name" gorm:"index" validate:"max=20"`
Role int `json:"role" gorm:"type:int;default:1"` // admin, common
Status int `json:"status" gorm:"type:int;default:1"` // enabled, disabled
- Token string `json:"token;" gorm:"index"`
+ Token string `json:"token"`
Email string `json:"email" gorm:"index" validate:"max=50"`
GitHubId string `json:"github_id" gorm:"column:github_id;index"`
WeChatId string `json:"wechat_id" gorm:"column:wechat_id;index"`
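Review bot: The new `Token string` line still carries no `validate` tag, yet UpdateSelf in controller/user.go now copies it straight from the request body, so a token of any length or content is accepted and stored. Add a bound in line with the neighbouring fields, e.g. `validate:"max=64"` (64 is a placeholder limit to be chosen). Dropping `gorm:"index"` is fine as long as nothing queries by token any more; the deleted ValidateUserToken was the only such lookup visible here. The struct definition continues outside the hunk.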
@@ -43,7 +42,7 @@ func GetUserById(id int, selectAll bool) (*User, error) {
if selectAll {
err = DB.First(&user, "id = ?", id).Error
} else {
- err = DB.Select([]string{"id", "username", "display_name", "role", "status", "email", "wechat_id", "github_id"}).First(&user, "id = ?", id).Error
+ err = DB.Select([]string{"id", "username", "display_name", "role", "status", "email", "wechat_id", "github_id", "token"}).First(&user, "id = ?", id).Error
}
return &user, err
}
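Review bot: Adding `"token"` to the non-selectAll projection means every caller of `GetUserById(id, false)` now receives the secret, and because the field is serialised as `json:"token"` any of those callers that returns the user object in a response would expose it. If only the self-profile path needs it, load the token there instead, or confirm that no other caller serialises the model. GetUserById starts outside the hunk.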
@@ -118,18 +117,6 @@ func (user *User) FillUserByUsername() {
DB.Where(User{Username: user.Username}).First(user)
}
-func ValidateUserToken(token string) (user *User) {
- if token == "" {
- return nil
- }
- token = strings.Replace(token, "Bearer ", "", 1)
- user = &User{}
- if DB.Where("token = ?", token).First(user).RowsAffected == 1 {
- return user
- }
- return nil
-}
-
func IsEmailAlreadyTaken(email string) bool {
return DB.Where("email = ?", email).Find(&User{}).RowsAffected == 1
}
diff --git a/web/src/components/PersonalSetting.js b/web/src/components/PersonalSetting.js
index a998c39..63d3250 100644
--- a/web/src/components/PersonalSetting.js
+++ b/web/src/components/PersonalSetting.js
@@ -1,7 +1,7 @@
import React, { useEffect, useState } from 'react';
import { Button, Form, Image, Modal } from 'semantic-ui-react';
import { Link } from 'react-router-dom';
-import { API, copy, showError, showSuccess } from '../helpers';
+import { API, showError, showSuccess } from '../helpers';
const PersonalSetting = () => {
const [inputs, setInputs] = useState({
@@ -25,17 +25,6 @@ const PersonalSetting = () => {
setInputs((inputs) => ({ ...inputs, [name]: value }));
};
- const generateToken = async () => {
- const res = await API.get('/api/user/token');
- const { success, message, data } = res.data;
- if (success) {
- await copy(data);
- showSuccess(`令牌已重置并已复制到剪切板:${data}`);
- } else {
- showError(message);
- }
- };
-
const bindWeChat = async () => {
if (inputs.wechat_verification_code === '') return;
const res = await API.get(
@@ -86,7 +75,6 @@ const PersonalSetting = () => {
-