diff --git a/src/mailer.js b/src/mailer.js
index 69be6d9be..d0713363a 100644
--- a/src/mailer.js
+++ b/src/mailer.js
@@ -152,7 +152,7 @@ async function sendNewLoginLocation(user, loginLocation) {
 await sendMail(mailOptions);
 }
-async function passwordReset(user) {
+async function passwordReset(user, resetLink) {
 assert.strictEqual(typeof user, 'object');
 const mailConfig = await getMailConfig();
@@ -160,7 +160,7 @@ async function passwordReset(user) {
 const templateData = {
 user: user.displayName || user.username || user.email,
- resetLink: `${settings.dashboardOrigin()}/login.html?resetToken=${user.resetToken}`,
+ resetLink: resetLink,
 cloudronName: mailConfig.cloudronName,
 cloudronAvatarUrl: settings.dashboardOrigin() + '/api/v1/cloudron/avatar'
 };
diff --git a/src/routes/cloudron.js b/src/routes/cloudron.js
index 5d574f2d9..e3e39d094 100644
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -80,10 +80,10 @@ async function logout(req, res) {
 async function passwordResetRequest(req, res, next) {
 if (!req.body.identifier || typeof req.body.identifier !== 'string') return next(new HttpError(401, 'A identifier must be non-empty string'));
- const [error] = await safe(users.sendPasswordResetByIdentifier(req.body.identifier, auditSource.fromRequest(req)));
+ const [error, result] = await safe(users.sendPasswordResetByIdentifier(req.body.identifier, auditSource.fromRequest(req)));
 if (error && error.reason !== BoxError.NOT_FOUND) return next(BoxError.toHttpError(error));
- next(new HttpSuccess(202, {}));
+ next(new HttpSuccess(202, { resetLink: result }));
 }
 async function passwordReset(req, res, next) {
diff --git a/src/users.js b/src/users.js
index b94e417d4..32994afd2 100644
--- a/src/users.js
+++ b/src/users.js
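Review bot: In `src/mailer.js`, `passwordReset` asserts the type of `user` but not of its new `resetLink` parameter, so a caller still using the old one-argument form would send a reset mail whose template has no link. Adding `assert.strictEqual(typeof resetLink, 'string');` next to the existing assert keeps the file's argument-checking style and fails loudly instead. In the second hunk, `resetLink: resetLink,` can be written as the shorthand `resetLink,`. The function body continues outside both hunks.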
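Review bot: In `src/routes/cloudron.js`, `passwordResetRequest` now puts the reset link, which embeds the reset token, into the 202 response body, so whoever submits an identifier receives the credential that the e-mail was meant to deliver only to the mailbox owner. The handler reads nothing but `req.body.identifier`; the route's middleware is outside the hunk, but unless it requires an authenticated admin session, the mailbox-ownership check behind password reset no longer protects any account whose username or e-mail is known. The body also differs between a found user (`resetLink` set) and `NOT_FOUND` (`result` is undefined), which undoes the uniform 202 that hid whether an identifier exists. Keep `next(new HttpSuccess(202, {}));` here and, if operators need the link, expose it through a separate admin-only route.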
@@ -550,13 +550,17 @@ async function sendPasswordResetByIdentifier(identifier, auditSource) { const user = identifier.indexOf('@') === -1 ? await getByUsername(identifier.toLowerCase()) : await getByEmail(identifier.toLowerCase()); if (!user) throw new BoxError(BoxError.NOT_FOUND, 'User not found'); - let resetToken = hat(256), resetTokenCreationTime = new Date(); + const resetToken = hat(256); + const resetTokenCreationTime = new Date(); + user.resetToken = resetToken; user.resetTokenCreationTime = resetTokenCreationTime; - await update(user, { resetToken, resetTokenCreationTime }, auditSource); - await mailer.passwordReset(user); + const resetLink = `${settings.dashboardOrigin()}/login.html?resetToken=${user.resetToken}`; + await mailer.passwordReset(user, resetLink); + + return resetLink; } async function notifyLoginLocation(user, ip, userAgent, auditSource) {
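Review bot: `sendPasswordResetByIdentifier` now returns a URL containing the live `resetToken`, yet nothing on the function marks that return value as a secret. A doc comment such as `// returns the reset link, which carries the reset token: never log it or hand it to an unauthenticated caller` would warn future callers. The token still comes from `hat(256)`; if that is the npm `hat` package it draws from `Math.random()`, and `crypto.randomBytes(32).toString('hex')` would be a safer source (the file's imports are outside the hunk). The link is built with `settings.dashboardOrigin()`, so `settings` must already be in scope in `users.js`, which the hunk does not show.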