diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index 1b8bd8c7..7aeaa6e9 100644
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -1,6 +1,5 @@ false, 'closed' => false )); - + //TODO: Add logged user as author $ticket->setAuthor(User::getUser(1)); $ticket->store(); }
-}
\ No newline at end of file
+}
diff --git a/server/controllers/user.php b/server/controllers/user.php
index 7ad1054c..f096bb08 100644
--- a/server/controllers/user.php
+++ b/server/controllers/user.php
@@ -2,6 +2,8 @@
 include 'user/login.php';
 include 'user/signup.php';
 include 'user/logout.php';
+include 'user/recover-password.php';
+include 'user/send-recover-password.php';
 $userControllers = new ControllerGroup();
 $userControllers->setGroupPath('/user');
@@ -9,5 +11,7 @@ $userControllers->setGroupPath('/user');
 $userControllers->addController(new LoginController);
 $userControllers->addController(new SignUpController);
 $userControllers->addController(new LogoutController);
+$userControllers->addController(new SendRecoverPasswordController);
+$userControllers->addController(new RecoverPasswordController);
 $userControllers->finalize();
diff --git a/server/controllers/user/recover-password.php b/server/controllers/user/recover-password.php
new file mode 100644
index 00000000..519968c8
--- /dev/null
+++ b/server/controllers/user/recover-password.php
@@ -0,0 +1,56 @@
+ 'any',
+ 'requestData' => [
+ 'email' => [
+ 'validation' => DataValidator::email() ,
+ 'error' => ERRORS::INVALID_EMAIL
+ ],
+ 'password' => [
+ 'validation' => DataValidator::length(5, 200),
+ 'error' => ERRORS::INVALID_PASSWORD
+ ]
+ ]
+ ];
+ }
+
+ public function handler(){
+ $this->requestData();
+ $this->changePassword();
+ }
+
+ public function requestData(){
+ $this->email = Controller::request('email');
+ $this->token = Controller::request('token');
+ $this->password = Controller::request('password');
+ }
+ public function changePassword(){
+ $recoverPassword = RecoverPassword::getDatastore($this->token, 'token');
+ $user = User::getDataStore($this->email, 'email');
+
+ if($recoverPassword && $user) {
+ $recoverPassword->trash();
+
+ $user->setProperties([
+ 'password' => Hashing::hashPassword($this->password)
+ ]);
+
+ $user->store();
+ Response::respondSuccess('password changed');
+ return;
+
+ }
+
+ Response::respondError(ERRORS::NO_PERMISSION);
+ }
+}
diff --git a/server/controllers/user/send-recover-password.php b/server/controllers/user/send-recover-password.php
new file mode 100644
index 00000000..e8355f74
--- /dev/null
+++ b/server/controllers/user/send-recover-password.php
@@ -0,0 +1,34 @@
+ 'any',
+ 'requestData' => [
+ 'email' => [
+ 'validation' => DataValidator::email(),
+ 'error' => ERRORS::INVALID_EMAIL
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $email = Controller::request('email');
+
+ $token = Hashing::generateRandomToken();
+
+ $recoverPassword = new RecoverPassword();
+ $recoverPassword->setProperties(array(
+ 'email' => $email,
+ 'token' => $token
+ ));
+ $recoverPassword->store();
+
+ Response::respondSuccess();
+ //TODO: mandar mail con token
+ }
+}
diff --git a/server/models/DataStore.php b/server/models/DataStore.php
index b316ad84..7a782707 100644
--- a/server/models/DataStore.php
+++ b/server/models/DataStore.php
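Review bot: `changePassword()` in recover-password.php never checks that the recovery record found by `token` was issued for the account found by `email`; the two lookups are independent, so any stored token is accepted together with any registered address. The condition should bind them, for example `if ($recoverPassword && $user && $recoverPassword->email === $user->email) {` (assuming DataStore exposes stored properties this way; the accessor is not visible in this diff). `token` is also read from the request without an entry in `validations()`, and nothing here limits a token's age, so both are worth adding before the mail-sending TODO is completed. The class declaration and the start of `validations()` are not visible in this hunk.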
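Review bot: `handler()` in send-recover-password.php stores a recovery row for any well-formed address, under `'permission' => 'any'`, without checking that an account with that email exists and without recording when the token was issued. As written, tokens stay valid indefinitely and unauthenticated requests can grow the table; consider storing the row only when `User::getDataStore($email, 'email')` finds an account (while still returning the same success response), adding a timestamp such as `'created' => time()` to `setProperties`, and removing older rows for the same email. `Hashing::generateRandomToken()` is not shown in this diff; it should draw from `random_bytes()` or `random_int()`. The comment `//TODO: mandar mail con token` would read better in English as `//TODO: send email with token`.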
@@ -72,4 +72,8 @@ abstract class DataStore {
 return ($validProp) ? $propToValidate : 'id';
 }
+
+ public function trash() {
+ RedBean::trash($this->_bean);
+ }
 }
diff --git a/server/models/ERRORS.php b/server/models/ERRORS.php
index 442f9b54..4c3017ce 100644
--- a/server/models/ERRORS.php
+++ b/server/models/ERRORS.php
@@ -3,9 +3,9 @@ class ERRORS {
 const INVALID_CREDENTIALS = 'User or password is not defined';
 const SESSION_EXISTS = 'User is already logged in';
 const NO_PERMISSION = 'You have no permission to access';
- const INVALID_NAME = 'Invalid name';
- const INVALID_EMAIL = 'Invalid email';
- const INVALID_PASSWORD = 'Invalid password';
 const INVALID_TITLE = 'Invalid title';
 const INVALID_CONTENT = 'Invalid content';
+ const INVALID_EMAIL = 'Invalid email';
+ const INVALID_PASSWORD = 'Invalid password';
+ const INVALID_NAME = 'Invalid name';
 }
diff --git a/server/models/RecoverPassword.php b/server/models/RecoverPassword.php
new file mode 100644
index 00000000..1cf15f1b
--- /dev/null
+++ b/server/models/RecoverPassword.php
@@ -0,0 +1,15 @@
+
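Review bot: `DataStore::trash()` is added without a doc comment, although it is a public, irreversible delete that every model extending `DataStore` now inherits. I would document that on the method, for example `/** Permanently deletes this record's bean from the database; callers are responsible for their own permission checks. */`. The class body starts before this hunk, so whether other code guards deletions cannot be judged from here.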