diff --git a/lib/Alchemy/Phrasea/Authentication/RecoveryService.php b/lib/Alchemy/Phrasea/Authentication/RecoveryService.php
index 877055f23c..9b7d660deb 100644
--- a/lib/Alchemy/Phrasea/Authentication/RecoveryService.php
+++ b/lib/Alchemy/Phrasea/Authentication/RecoveryService.php
@@ -140,7 +140,7 @@ class RecoveryService
     {
         $token = $this->tokenRepository->findValidToken($resetToken);
 
-        if ($token === null || $token->getType() == TokenManipulator::TYPE_PASSWORD) {
+        if ($token === null || $token->getType() != TokenManipulator::TYPE_PASSWORD) {
             $this->application->abort(401, 'A token is required');
         }
 
diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Root/LoginTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Root/LoginTest.php
index 185ccc64ee..a54630c467 100644
--- a/tests/Alchemy/Tests/Phrasea/Controller/Root/LoginTest.php
+++ b/tests/Alchemy/Tests/Phrasea/Controller/Root/LoginTest.php
@@ -332,7 +332,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
         ]);
 
         $response = self::$DI['client']->getResponse();
-        $this->assertEquals(401, $response->getStatusCode());
+        $this->assertEquals(200, $response->getStatusCode());
     }
 
     public function testRenewPasswordBadTokenWheneverItsAuthenticated()
@@ -359,7 +359,7 @@ class LoginTest extends \PhraseanetAuthenticatedWebTestCase
 
         $response = self::$DI['client']->getResponse();
 
-        $this->assertEquals(401, $response->getStatusCode());
+        $this->assertEquals(200, $response->getStatusCode());
     }
 
     public function testRenewPasswordNoTokenWheneverItsAuthenticated()