diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 25590411945..69c028e9336 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -12,7 +12,13 @@ class UsersController < ApplicationController
 # page is going to be empty, this means that server will see an invalid CSRF and blow the session
 # once that happens you can't log in with social
 skip_before_filter :verify_authenticity_token, only: [:create]
- skip_before_filter :redirect_to_login_if_required, only: [:check_username,:create,:get_honeypot_value,:activate_account,:send_activation_email,:authorize_email]
+ skip_before_filter :redirect_to_login_if_required, only: [:check_username,
+ :create,
+ :get_honeypot_value,
+ :activate_account,
+ :send_activation_email,
+ :authorize_email,
+ :password_reset]
 
 def show
 @user = fetch_user_from_params
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index a44ffef2064..463885bedb6 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -216,6 +216,17 @@ describe UsersController do
 describe '.password_reset' do
 let(:user) { Fabricate(:user) }
 
+ context "you can view it even if login is required" do
+ before do
+ SiteSetting.stubs(:login_required).returns(true)
+ get :password_reset, token: 'asdfasdf'
+ end
+
+ it "returns success" do
+ response.should be_success
+ end
+ end
+
 context 'invalid token' do
 before do
 EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
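Review bot: The `skip_before_filter :redirect_to_login_if_required` list is in effect the set of actions an anonymous visitor can reach on a login-required site, and `:password_reset` joins it with no comment saying why the exemption is safe. The comment above the preceding line is about `verify_authenticity_token`, so I would add one directly over this list, e.g. `# reachable without login even when login_required is set; each action must be safe for anonymous callers`. The body of `password_reset` is outside this hunk, so it should be confirmed there that an unknown or expired token renders nothing beyond the reset form.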
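Review bot: The new context exercises only an unknown token and asserts only `be_success`, so it does not show that a valid token still works when `login_required` is on. Unlike the 'invalid token' context just below it, it does not stub `EmailToken.confirm`, so it appears to depend on the real lookup finding nothing for 'asdfasdf'; adding `EmailToken.expects(:confirm).with('asdfasdf').returns(nil)` to its `before` block would make that explicit. A second example with `SiteSetting.stubs(:login_required).returns(true)` and a confirmable token would pin the path users actually follow. The enclosing `describe '.password_reset'` block continues past the end of the hunk.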