diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8274b93e7..e60f9439f 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -12,7 +12,7 @@ class UsersController < ApplicationController
redirect_to user_path(@user)
elsif user_params.key?("password")
format_error_messages
- render :edit_password, status: :unprocessable_entity
+ render "devise/passwords/edit", status: :unprocessable_entity
else
format_error_messages
render :edit, status: :unprocessable_entity
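Review bot: The template path `"devise/passwords/edit"` is now hard-coded in this `update` branch and again in `edit_password` in the next hunk, with nothing explaining why UsersController renders a view from Devise's namespace. A single private constant, for example `PASSWORD_FORM_TEMPLATE = "devise/passwords/edit".freeze`, used by both renders would keep them in step. It should carry a comment such as `# Shared with Devise's reset-password flow so both render the same form and error summary`, because a later edit to that template changes the signed-in password change and the token reset at once. Both methods begin or end outside the visible hunks.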
@@ -40,7 +40,7 @@ class UsersController < ApplicationController
end
def edit_password
- render :edit_password
+ render "devise/passwords/edit"
end
private
diff --git a/app/presenters/error_summary_full_messages_presenter.rb b/app/presenters/error_summary_full_messages_presenter.rb
new file mode 100644
index 000000000..e499b287e
--- /dev/null
+++ b/app/presenters/error_summary_full_messages_presenter.rb
@@ -0,0 +1,11 @@
+class ErrorSummaryFullMessagesPresenter
+ def initialize(error_messages)
+ @error_messages = error_messages
+ end
+
+ def formatted_error_messages
+ @error_messages.map do |attribute, messages|
+ [attribute, [attribute.to_s.humanize, messages.first].join(" ")]
+ end
+ end
+end
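Review bot: `formatted_error_messages` prefixes every message with `attribute.to_s.humanize`, so an error added on `:base` would be shown as "Base …", and only `messages.first` is kept, so further messages on the same attribute are silently dropped. Handling the base case explicitly, e.g. `text = attribute == :base ? messages.first : "#{attribute.to_s.humanize} #{messages.first}"`, avoids the stray prefix. `humanize` also bypasses any translated attribute names the model may define, which is worth confirming is intended. The class would benefit from a short comment stating that it takes the errors hash (attribute => array of messages) and returns `[attribute, full_message]` pairs for `govuk_error_summary`, and that only the first message per attribute is displayed.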
diff --git a/app/views/users/edit_password.html.erb b/app/views/devise/passwords/edit.html.erb
similarity index 91%
rename from app/views/users/edit_password.html.erb
rename to app/views/devise/passwords/edit.html.erb
index 9c1f29088..6d405ba0f 100644
--- a/app/views/users/edit_password.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
@@ -10,7 +10,7 @@
<%= form_for(@user, as: :user, html: { method: :patch }) do |f| %>
- <%= f.govuk_error_summary %>
+ <%= f.govuk_error_summary(presenter: ErrorSummaryFullMessagesPresenter) %>
<%= content_for(:title) %>
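Review bot: The `form_for(@user, as: :user, html: { method: :patch })` context line has no explicit `url:`, and the hunk shows no `reset_password_token` hidden field. Placed at `devise/passwords/edit`, this template will presumably also be picked up by Devise's own passwords controller for the token reset page. In that flow the form has to submit to the password route and carry the token, so please confirm the form target and the hidden field for the unauthenticated case (the rest of the form is outside the hunk). The new request spec sends `PUT /users/password` directly, so it would not catch a form that posts to the wrong place.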
diff --git a/spec/requests/case_log_controller_spec.rb b/spec/requests/case_log_controller_spec.rb
index 05b414614..8128a1dd8 100644
--- a/spec/requests/case_log_controller_spec.rb
+++ b/spec/requests/case_log_controller_spec.rb
@@ -1,5 +1,4 @@
require "rails_helper"
-require_relative "../request_helper"
RSpec.describe CaseLogsController, type: :request do
let(:owning_organisation) { FactoryBot.create(:organisation) }
diff --git a/spec/requests/soft_validations_controller_spec.rb b/spec/requests/soft_validations_controller_spec.rb
index 03dd71c06..50ea558ee 100644
--- a/spec/requests/soft_validations_controller_spec.rb
+++ b/spec/requests/soft_validations_controller_spec.rb
@@ -1,5 +1,4 @@
require "rails_helper"
-require_relative "../request_helper"
RSpec.describe SoftValidationsController, type: :request do
let(:params) { { case_log_id: case_log.id } }
diff --git a/spec/requests/user_controller_spec.rb b/spec/requests/user_controller_spec.rb
index 5dea28dfd..2830f522b 100644
--- a/spec/requests/user_controller_spec.rb
+++ b/spec/requests/user_controller_spec.rb
@@ -1,7 +1,6 @@
require "rails_helper"
-require_relative "../support/devise"
-RSpec.describe UsersController, type: :request do
+RSpec.describe "password_reset", type: :request do
let(:user) { FactoryBot.create(:user) }
let(:unauthorised_user) { FactoryBot.create(:user) }
let(:headers) { { "Accept" => "text/html" } }
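Review bot: The new description `"password_reset"` does not match what this file covers, since the examples in the next hunk still include the signed-in `PUT /users/:id` password change in user_controller_spec.rb. Either keep `RSpec.describe UsersController, type: :request` and move the token-expiry context into its own spec for the Devise passwords route, or use a description that names both flows. With `require_relative "../support/devise"` removed, `sign_in` further down relies on rails_helper loading the Devise test helpers; that is presumably configured elsewhere but is not visible here.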
@@ -46,21 +45,48 @@ RSpec.describe UsersController, type: :request do
end
context "update password" do
- let(:params) do
- {
- id: user.id, user: { password: new_value, password_confirmation: "something_else" }
- }
+ context "valid reset token" do
+ let(:params) do
+ {
+ id: user.id, user: { password: new_value, password_confirmation: "something_else" }
+ }
+ end
+
+ before do
+ sign_in user
+ put "/users/#{user.id}", headers: headers, params: params
+ end
+
+ it "shows an error if passwords don't match" do
+ expect(response).to have_http_status(:unprocessable_entity)
+ expect(page).to have_selector("#error-summary-title")
+ expect(page).to have_content("Password confirmation doesn't match Password")
+ end
end
- before do
- sign_in user
- put "/users/#{user.id}", headers: headers, params: params
- end
-
- it "shows an error if passwords don't match" do
- expect(response).to have_http_status(:unprocessable_entity)
- expect(page).to have_selector("#error-summary-title")
- expect(page).to have_content("Password confirmation doesn't match Password")
+ context "reset token more than 3 hours old" do
+ let(:raw) { user.send_reset_password_instructions }
+ let(:params) do
+ {
+ id: user.id,
+ user: {
+ password: new_value,
+ password_confirmation: new_value,
+ reset_password_token: raw,
+ },
+ }
+ end
+
+ before do
+ allow_any_instance_of(User).to receive(:reset_password_sent_at).and_return(4.hours.ago)
+ put "/users/password", headers: headers, params: params
+ end
+
+ it "shows an error" do
+ expect(response).to have_http_status(:unprocessable_entity)
+ expect(page).to have_selector("#error-summary-title")
+ expect(page).to have_content("Reset password token has expired, please request a new one")
+ end
end
end
end
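Review bot: The expiry example stubs `reset_password_sent_at` with `allow_any_instance_of(User)` and hard-codes "3 hours"/`4.hours.ago`, so it never exercises the stored timestamp and will drift if the configured reset window changes. It also asserts only on the rendered page, not that the password was left unchanged, which is the security property this case exists to protect. Setting the column on the record relative to `Devise.reset_password_within` and adding a negative assertion would pin that; this assumes `new_value` differs from the factory password. Separately, the context named "valid reset token" contains the signed-in mismatch example, which uses no reset token, and there is no example for an unknown or tampered token.

```ruby
context "reset token older than the configured expiry" do
  let(:raw) { user.send_reset_password_instructions }
  # … unchanged: params …

  before do
    raw # generate the token before back-dating it
    user.update_column(:reset_password_sent_at, (Devise.reset_password_within + 1.hour).ago)
    put "/users/password", headers: headers, params: params
  end

  # … unchanged: "shows an error" example …

  it "does not change the password" do
    expect(user.reload.valid_password?(new_value)).to be(false)
  end
end
```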