diff --git a/packages/component-fixture-manager/src/fixtures/users.js b/packages/component-fixture-manager/src/fixtures/users.js
index 5d8872ba8cd34c9c9b63aec724df9b38a5dfec29..0e38ab789b2e01125fb59573e6d03af085ae1435 100644
--- a/packages/component-fixture-manager/src/fixtures/users.js
+++ b/packages/component-fixture-manager/src/fixtures/users.js
@@ -81,11 +81,17 @@ const users = {
     lastName: user.lastName,
     affiliation: chance.company(),
     title: 'Mr',
-    save: jest.fn(() => users.user),
+    save: jest.fn(function save() {
+      return this
+    }),
     isConfirmed: false,
     updateProperties: jest.fn(() => users.user),
     teams: [],
     confirmationToken: chance.hash(),
+    validPassword: jest.fn(function validPassword(password) {
+      return this.password === password
+    }),
+    token: chance.hash(),
   },
   author: {
     type: 'user',
diff --git a/packages/component-user-manager/src/Users.js b/packages/component-user-manager/src/Users.js
index 1c5c159ddfd35f3d654dc3e593c1c74acaed283e..3a6774b2386056c681551de4afae99247d656845 100644
--- a/packages/component-user-manager/src/Users.js
+++ b/packages/component-user-manager/src/Users.js
@@ -2,6 +2,9 @@ const bodyParser = require('body-parser')
 
 const Invite = app => {
   app.use(bodyParser.json())
+  const authBearer = app.locals.passport.authenticate('bearer', {
+    session: false,
+  })
   /**
    * @api {post} /api/users/reset-password Reset password
    * @apiGroup Users
@@ -88,6 +91,38 @@ const Invite = app => {
     '/api/users/forgot-password',
     require('./routes/users/forgotPassword')(app.locals.models),
   )
+  /**
+   * @api {post} /api/users/change-password Change password
+   * @apiGroup Users
+   * @apiParamExample {json} Body
+   *    {
+   *      "password": "currentPassword",
+   *      "newPassword": "newPassword",
+   *    }
+   * @apiSuccessExample {json} Success
+   *    HTTP/1.1 200 OK
+   *    {
+   *      "id": "a6184463-b17a-42f8-b02b-ae1d755cdc6b",
+   *      "type": "user",
+   *      "admin": false,
+   *      "email": "email@example.com",
+   *      "teams": [],
+   *      "username": "email@example.com",
+   *      "fragments": [],
+   *      "collections": [],
+   *      "isConfirmed": true,
+   *      "editorInChief": false,
+   *      "handlingEditor": false
+   *    }
+   * @apiErrorExample {json} Reset password errors
+   *    HTTP/1.1 400 Bad Request
+   *    HTTP/1.1 404 Not Found
+   */
+  app.post(
+    '/api/users/change-password',
+    authBearer,
+    require('./routes/users/changePassword')(app.locals.models),
+  )
 }
 
 module.exports = Invite