diff --git a/product/ERP5Security/tests/testERP5Security.py b/product/ERP5Security/tests/testERP5Security.py
index e5d7b8fc5bfad9f5dd81eda7622a65f1494012c4..979684b6eb0a9e5fd21102a5b855fc2cf4755a40 100644
--- a/product/ERP5Security/tests/testERP5Security.py
+++ b/product/ERP5Security/tests/testERP5Security.py
@@ -30,6 +30,7 @@
 """
 
 import unittest
+import transaction
 
 from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase,\
                                                      get_request
@@ -96,6 +97,11 @@ class TestUserManagement(ERP5TypeTestCase):
     self.failUnless(isinstance(self.getUserFolder(),
         PluggableAuthService.PluggableAuthService))
 
+  def loginAsUser(self, username):
+    uf = self.portal.acl_users
+    user = uf.getUserById(username).__of__(uf)
+    newSecurityManager(None, user)
+
   def _makePerson(self, open_assignment=1, assignment_start_date=None,
                   assignment_stop_date=None, **kw):
     """Creates a person in person module, and returns the object, after
@@ -251,6 +257,23 @@ class TestUserManagement(ERP5TypeTestCase):
     self.assertNotEquals(person_module[changed['new_id']].getReference(),
                          person_module[changed['id']].getReference())
   
+  def test_PreferenceTool_setNewPassword(self):
+    # Preference Tool has an action to change password
+    pers = self._makePerson(reference='the_user', password='secret',)
+    transaction.commit()
+    self.tic()
+    self._assertUserExists('the_user', 'secret')
+    self.loginAsUser('the_user')
+    self.portal.REQUEST.set('current_password', 'secret')
+    self.portal.REQUEST.set('new_password', 'new_secret')
+    self.portal.portal_preferences.PreferenceTool_setNewPassword()
+    self._assertUserExists('the_user', 'new_secret')
+    self._assertUserDoesNotExists('the_user', 'secret')
+
+    # password is not stored in plain text
+    self.assertNotEquals('new_secret', pers.getPassword())
+
+
   def test_OpenningAssignmentClearCache(self):
     """Openning an assignment for a person clear the cache automatically."""
     pers = self._makePerson(reference='the_user', password='secret',