diff --git a/flaschengeist/plugins/auth/__init__.py b/flaschengeist/plugins/auth/__init__.py
index 95ba2d3..fa9e789 100644
--- a/flaschengeist/plugins/auth/__init__.py
+++ b/flaschengeist/plugins/auth/__init__.py
@@ -2,12 +2,13 @@
 Allow management of authentication, login, logout, etc.
 """
-from flask import Blueprint, request, jsonify
 from http.client import CREATED, NO_CONTENT
-from werkzeug.exceptions import Forbidden, BadRequest, Unauthorized
+from flask import Blueprint, request, jsonify
+from werkzeug.exceptions import Forbidden, BadRequest, Unauthorized, NotFound
 from flaschengeist import logger
 from flaschengeist.plugins import Plugin
+from flaschengeist.utils.HTTP import no_content
 from flaschengeist.decorator import login_required
 from flaschengeist.controller import sessionController, userController
@@ -162,3 +163,20 @@ def get_assocd_user(token, current_session, **kwargs):
 # Valid tokens from other users and invalid tokens now are looking the same
 raise Forbidden
 return jsonify(session._user)
+
+
+@auth_bp.route("/auth/reset", methods=["POST"])
+def reset_password():
+ data = request.get_json()
+ if "userid" in data:
+ try:
+ user = userController.find_user(data["userid"])
+ userController.request_reset(user)
+ except NotFound:
+ pass
+ elif "password" in data and "token" in data:
+ userController.reset_password(data["token"], data["password"])
+ else:
+ raise BadRequest("Missing parameter(s)")
+
+ return no_content()
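Review bot: In the second hunk, `reset_password` uses `data` from `request.get_json()` without checking that it is a JSON object, so on this unauthenticated route a body that parses to a string, list or `None` reaches `"userid" in data` and `data["userid"]` and would likely surface as a 500 rather than a 400. A guard directly after the parse, `if not isinstance(data, dict): raise BadRequest("Missing parameter(s)")`, keeps the error path uniform. The `except NotFound: pass` looks deliberate, giving known and unknown user ids the same 204; a comment such as `# Same response for unknown users, to avoid account enumeration` would protect it from a later cleanup, and narrowing the `try` to the `find_user` call would keep a `NotFound` raised inside `request_reset` from being hidden. Nothing visible in the hunk throttles this endpoint, so unless a rate limit exists elsewhere, `request_reset` can be triggered repeatedly for any user id. The route also has no docstring stating the two accepted request shapes (`userid` alone, or `token` plus `password`) and that `userid` takes precedence when both are sent.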