diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 07ac123..47292bf 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -1,28 +1,25 @@ class PasswordsController < Devise::PasswordsController - # POST /resource/password def create self.resource = resource_class.send_reset_password_instructions(params[resource_name]) if resource.errors.empty? render(:json => {"success" => true}) else - render(:json => {"errors" => resource.errors}) + render(:json => {"errors" => resource.errors}, :status => 500) end end - # GET /resource/password/edit?reset_password_token=abcdef def edit self.resource = resource_class.new resource.reset_password_token = params[:reset_password_token] render_with_scope :edit end - # PUT /resource/password def update self.resource = resource_class.reset_password_by_token(params[resource_name]) if resource.errors.empty? render(:json => {"success" => true}) else - render(:json => {"errors" => resource.errors}) + render(:json => {"errors" => resource.errors}, :status => 500) end end end diff --git a/test/functional/passwords_controller_test.rb b/test/functional/passwords_controller_test.rb new file mode 100644 index 0000000..bfd6c36 --- /dev/null +++ b/test/functional/passwords_controller_test.rb 
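Review bot: The error branch of `create` still tells the caller whether an address is registered, and the added `:status => 500` makes that difference visible from the status line alone, so the endpoint can be used to enumerate accounts. Consider answering every reset request the same way, e.g. `render(:json => {"success" => true})` whether or not `resource.errors` is empty, and only sending mail when the user exists. Separately, 500 signals a server fault, while an unknown address or an invalid token in `update` is a client error; `:status => :unprocessable_entity` would keep 5xx monitoring meaningful. The two new tests in test/functional/passwords_controller_test.rb that `assert_response :error` pin the current behaviour and would need to change with it.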
@@ -0,0 +1,51 @@
+require 'test_helper'
+
+class PasswordsControllerTest < ActionController::TestCase
+ include Devise::TestHelpers
+ setup do
+ request.env["devise.mapping"] = Devise.mappings[:user]
+ @user = users(:erik)
+ end
+
+ test 'should send password reset instructions if email address is found' do
+ num_deliveries = ActionMailer::Base.deliveries.size
+ post :create, :user => {:email => @user.email}
+ assert_equal num_deliveries + 1, ActionMailer::Base.deliveries.size
+ assert_response :success
+
+ email = ActionMailer::Base.deliveries.last
+ assert_equal [@user.email], email.to
+ assert_equal "Reset password instructions", email.subject
+ assert_match /Hello #{@user.email}!/, email.encoded
+ assert_match /Someone has requested a link to change your password, and you can do this through the link below./, email.encoded
+ assert_match /Change my password/, email.encoded
+ assert_match /If you didn't request this, please ignore this email./, email.encoded
+ assert_match /Your password won't change until you access the link above and create a new one./, email.encoded
+ end
+
+ test 'should not send password reset instructions if email address is not found' do
+ post :create, :user => {:email => 'not_found@example.com'}
+ assert_response :error
+ end
+
+ test 'should render edit view' do
+ skip
+ get :edit, :reset_password_token => 'token'
+ assert_response :success
+ end
+
+ test 'should reset user password with an valid reset password token' do
+ old_password = @user.password
+ @user.send :generate_reset_password_token!
+ put :update, :user => {:reset_password_token => @user.reset_password_token, :password => 'new_password', :password_confirmation => 'new_password'}
+ @user.reload
+ assert !@user.valid_password?(old_password)
+ assert @user.valid_password?('new_password')
+ assert_response :success
+ end
+
+ test 'should not reset user password with an invalid reset password token' do
+ put :update, :user => {:reset_password_token => 'invalid_token', :password => 'new_password', :password_confirmation => 'new_password'}
+ assert_response :error
+ end
+end
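Review bot: In 'should reset user password with an valid reset password token', `old_password = @user.password` reads Devise's virtual attribute, which is presumably nil for a record loaded through `users(:erik)`, so `assert !@user.valid_password?(old_password)` would pass even if the reset left the old password working. Use the plaintext the fixture was built from, e.g. `old_password = 'FIXTURE_PLAINTEXT'` (placeholder for the real fixture value), and optionally assert `@user.valid_password?(old_password)` before the `put`. A second `put :update` replaying the same `reset_password_token` and expecting failure would also cover token reuse. The bare `skip` in the edit test gives no reason; `skip 'reason'` would record why it is disabled.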