diff --git a/server/controllers/user/recover-password.php b/server/controllers/user/recover-password.php
index da2bb87d..077f52ed 100755
--- a/server/controllers/user/recover-password.php
+++ b/server/controllers/user/recover-password.php
@@ -56,10 +56,6 @@ class RecoverPasswordController extends Controller {
 }
 
 public function handler() {
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
-
 $this->requestData();
 $this->changePassword();
 }
@@ -77,6 +73,10 @@ class RecoverPasswordController extends Controller {
 throw new RequestException(ERRORS::NO_PERMISSION);
 }
 
+ if(!Controller::isUserSystemEnabled() && !$recoverPassword->staff) {
+ throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
+ }
+
 if($recoverPassword->staff) {
 $this->user = Staff::getDataStore($this->email, 'email');
 } else {
diff --git a/server/controllers/user/send-recover-password.php b/server/controllers/user/send-recover-password.php
index 04d227dc..8d925799 100755
--- a/server/controllers/user/send-recover-password.php
+++ b/server/controllers/user/send-recover-password.php
@@ -49,11 +49,12 @@ class SendRecoverPasswordController extends Controller {
 }
 
 public function handler() {
- if(!Controller::isUserSystemEnabled()) {
+ $this->staff = Controller::request('staff');
+
+ if(!Controller::isUserSystemEnabled() && !$this->staff) {
 throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
 }
 
- $this->staff = Controller::request('staff');
 $email = Controller::request('email');
 
 if($this->staff){
diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb
index 11a6c33d..42b5b0e7 100644
--- a/tests/system/disable-user-system.rb
+++ b/tests/system/disable-user-system.rb
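Review bot: The relocated check in the second hunk of recover-password.php reads the staff flag from the stored recoverpassword row (`$recoverPassword->staff`) rather than from the request, which is the right source but is not obvious from the code, and it now runs only after the token lookup and the NO_PERMISSION check above it. A short comment would keep that reasoning with the code: `// Trust the staff flag stored with the token, not the request, so a disabled user system cannot be bypassed by claiming staff here.` One consequence worth noting is that a non-staff caller on a disabled system now receives NO_PERMISSION for an invalid token and USER_SYSTEM_DISABLED for a valid one, whereas the removed handler() check rejected both identically before any lookup; if that distinction is unwanted the check would have to fall back to a request-supplied flag, which is the weaker source. The enclosing method starts and ends outside the hunk.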
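Review bot: In send-recover-password.php the added gate decides on `$this->staff`, a client-supplied request parameter, so with the user system disabled any caller reaches the email-sending path simply by sending `staff`; the protection then rests entirely on the `if($this->staff)` branch below resolving the address against the Staff store only. That is presumably intended, but it deserves a comment next to the check, e.g. `// 'staff' is untrusted input; it only selects the Staff lookup below, so non-staff recovery stays blocked while the user system is disabled.` Note also that `!$this->staff` is a truthiness test on the raw request value, so a literal 'false' string counts as staff — consistent with the existing `if($this->staff)` further down, but worth a strict comparison if the request layer does not normalise booleans. The handler() body continues past the end of the hunk.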
@@ -113,7 +113,36 @@ describe'system/disable-user-system' do
 (result['message']).should.equal('SYSTEM_USER_IS_ALREADY_DISABLED')
 end
 
+ it 'should allow staff members to recover their passwords' do
+ request('/user/logout')
+ result = request('/user/send-recover-password', {
+ email: 'jorah@opensupports.com',
+ staff: true
+ })
+ (result['status']).should.equal('success')
+
+ token = $database.getLastRow('recoverpassword')['token'];
+
+ result = request('/user/recover-password', {
+ email: 'jorah@opensupports.com',
+ password: 's3cur3p455w0rd',
+ token: token
+ })
+ (result['status']).should.equal('success')
+ (result['data']['staff']).should.equal('1')
+
+ result = request('/user/login', {
+ email: 'jorah@opensupports.com',
+ password: 's3cur3p455w0rd',
+ staff: true
+ })
+ (result['status']).should.equal('success')
+ (result['data']['userEmail']).should.equal('jorah@opensupports.com')
+ end
+
 it 'should enable the user system' do
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
 result = request('/system/enable-user-system', {
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token,
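Review bot: The new test only proves the allow side of the change: nothing in the hunk asserts that, with the user system still disabled, a recovery request without the staff flag is still rejected, which is exactly the regression the gate in send-recover-password.php is meant to prevent. A companion `it` block that posts the same `/user/send-recover-password` request with `staff: false` (or omitted) before the system is re-enabled and asserts the USER_SYSTEM_DISABLED failure would pin that. Smaller points: `token = $database.getLastRow('recoverpassword')['token'];` carries a stray semicolon, and the test changes jorah's password permanently, so if that account is the one behind `$staff` the following `Scripts.login($staff[:email], $staff[:password], true)` presumably depends on fixtures being reset between runs — worth confirming.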