diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 72eca77..199cb3e 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -92,7 +92,7 @@ class AccountController < PublicController
     @change_password = ChangePassword.find_by_code(params[:code])
 
     unless @change_password
-      render :action => 'invalid_change_password_code'
+      render :action => 'invalid_change_password_code', :status => 403
       return
     end
 
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 8b3a68f..37ad537 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -194,6 +194,9 @@ class AccountControllerTest < Test::Unit::TestCase
   should 'provide interface for entering new password' do
     change = ChangePassword.new
     ChangePassword.expects(:find_by_code).with('osidufgiashfkjsadfhkj99999').returns(change)
+    person = mock
+    person.stubs(:identifier).returns('joe')
+    change.stubs(:requestor).returns(person)
 
     get :new_password, :code => 'osidufgiashfkjsadfhkj99999'
     assert_equal change, assigns(:change_password)
@@ -217,9 +220,9 @@ class AccountControllerTest < Test::Unit::TestCase
   should 'require a valid change_password code' do
     ChangePassword.destroy_all
 
-    assert_raise RuntimeError do
-      get :new_password, :code => 'dontexist'
-    end
+    get :new_password, :code => 'dontexist'
+    assert_response 403
+    assert_template 'invalid_change_password_code'
   end
 
   protected
--
libgit2 0.21.2