diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index b7584890..b32811d2 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -31,7 +31,7 @@ class PasswordResetsController < ApplicationController
   private
 
   def set_user_by_token
-    @user = User.find_by_token_for(password_reset: params[:token])
+    @user = User.find_by_token_for(:password_reset, params[:token])
     redirect_to new_password_reset_path, alert: t("password_resets.update.invalid_token") unless @user.present?
   end
 
diff --git a/test/controllers/password_resets_controller_test.rb b/test/controllers/password_resets_controller_test.rb
new file mode 100644
index 00000000..ebe75b9e
--- /dev/null
+++ b/test/controllers/password_resets_controller_test.rb
@@ -0,0 +1,30 @@
+require "test_helper"
+
+class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = users(:bob)
+  end
+
+  test "new" do
+    get new_password_reset_path
+    assert_response :ok
+  end
+
+  test "create" do
+    assert_enqueued_emails 1 do
+      post password_reset_path, params: { email: @user.email }
+      assert_redirected_to root_url
+    end
+  end
+
+  test "edit" do
+    get edit_password_reset_path(token: @user.generate_token_for(:password_reset))
+    assert_response :ok
+  end
+
+  test "update" do
+    patch password_reset_path(token: @user.generate_token_for(:password_reset)),
+      params: { user: { password: "password", password_confirmation: "password" } }
+    assert_redirected_to new_session_url
+  end
+end