diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 227ca9fbe4..98154d6be7 100644 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -26,6 +26,16 @@ class ProfileController extends Controller ); } + /** + * @return \Illuminate\View\View + */ + public function deleteAccount() + { + return view('profile.delete-account')->with('title', Auth::user()->email)->with('subTitle', 'Delete account')->with( + 'mainTitleIcon', 'fa-user' + ); + } + /** * @return \Illuminate\View\View * 
@@ -35,15 +45,49 @@ class ProfileController extends Controller return view('profile.index')->with('title', 'Profile')->with('subTitle', Auth::user()->email)->with('mainTitleIcon', 'fa-user'); } + /** + * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View + */ + public function postChangePassword(ProfileFormRequest $request) + { + // old, new1, new2 + if (!Hash::check($request->get('current_password'), Auth::user()->password)) { + Session::flash('error', 'Invalid current password!'); + + return Redirect::route('change-password'); + } + $result = $this->validatePassword($request->get('current_password'), $request->get('new_password')); + if (!($result === true)) { + Session::flash('error', $result); + + return Redirect::route('change-password'); + } + + // update the user with the new password. + Auth::user()->password = $request->get('new_password'); + Auth::user()->save(); + + Session::flash('success', 'Password changed!'); + + return Redirect::route('profile'); + } /** - * @return \Illuminate\View\View + * @SuppressWarnings("CyclomaticComplexity") // It's exactly 5. So I don't mind. + * + * @param string $old + * @param string $new1 + * + * @return string|bool */ - public function deleteAccount() + protected function validatePassword($old, $new1) { - return view('profile.delete-account')->with('title', Auth::user()->email)->with('subTitle', 'Delete account')->with( - 'mainTitleIcon', 'fa-user' - ); + if ($new1 == $old) { + return 'The idea is to change your password.'; + } + + return true; + } /** 
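Review bot: `Auth::user()->password = $request->get('new_password');` in postChangePassword assigns the submitted value as-is, so unless the User model hashes on assignment (the model is not part of this diff) the new password is persisted unhashed and the next `Hash::check` against it will fail. The tests added in this commit set `$user->password = bcrypt('current')` directly, which suggests there is no such mutator; if that is the case, the line should read `Auth::user()->password = bcrypt($request->get('new_password'));`. validatePassword no longer rejects an empty or unconfirmed new password, so those rules presumably now live in ProfileFormRequest (not shown here), e.g. `'new_password' => 'required|confirmed'`, which is worth confirming before merging. The remaining comparison should be strict, `if ($new1 === $old) {`, because `==` compares numeric-looking strings by value (`'1e3' == '1000'`) and would reject a password that did change.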
@@ -66,57 +110,4 @@ class ProfileController extends Controller } - /** - * @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View - */ - public function postChangePassword(ProfileFormRequest $request) - { - // old, new1, new2 - if (!Hash::check($request->get('current_password'), Auth::user()->password)) { - Session::flash('error', 'Invalid current password!'); - - return Redirect::route('change-password'); - } - $result = $this->validatePassword($request->get('current_password'), $request->get('new_password'), $request->get('new_password_confirmation')); - if (!($result === true)) { - Session::flash('error', $result); - - return Redirect::route('change-password'); - } - - // update the user with the new password. - Auth::user()->password = $request->get('new_password'); - Auth::user()->save(); - - Session::flash('success', 'Password changed!'); - - return Redirect::route('profile'); - } - - /** - * @SuppressWarnings("CyclomaticComplexity") // It's exactly 5. So I don't mind. - * - * @param string $old - * @param string $new1 - * @param string $new2 - * - * @return string|bool - */ - protected function validatePassword($old, $new1, $new2) - { - if (strlen($new1) == 0 || strlen($new2) == 0) { - return 'Do fill in a password!'; - - } - if ($new1 == $old) { - return 'The idea is to change your password.'; - } - - if ($new1 !== $new2) { - return 'New passwords do not match!'; - } - - return true; - - } } diff --git a/tests/controllers/ProfileControllerTest.php b/tests/controllers/ProfileControllerTest.php new file mode 100644 index 0000000000..8bc447f12b --- /dev/null +++ b/tests/controllers/ProfileControllerTest.php 
@@ -0,0 +1,170 @@ +be($user); + + $this->call('GET', '/profile/change-password'); + $this->assertResponseOk(); + } + + public function testDeleteAccount() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $this->be($user); + + $this->call('GET', '/profile/delete-account'); + $this->assertResponseOk(); + } + + public function testIndex() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $this->be($user); + + $this->call('GET', '/profile'); + $this->assertResponseOk(); + } + + public function testPostChangePassword() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $user->password = bcrypt('current'); + $user->save(); + $this->be($user); + + $post = [ + 'current_password' => 'current', + 'new_password' => 'something', + 'new_password_confirmation' => 'something', + '_token' => 'replaceMe' + ]; + + $this->call('POST', '/profile/change-password', $post); + + $this->assertRedirectedToRoute('profile'); + $this->assertSessionHas('success', 'Password changed!'); + $this->assertResponseStatus(302); + + } + + public function testPostChangePasswordInvalidCurrent() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $user->password = bcrypt('current'); + $user->save(); + $this->be($user); + + $post = [ + 'current_password' => 'currentWrong', + 'new_password' => 'something', + 'new_password_confirmation' => 'something', + '_token' => 'replaceMe' + ]; + + $this->call('POST', '/profile/change-password', $post); + + $this->assertRedirectedToRoute('change-password'); + $this->assertSessionHas('error', 'Invalid current password!'); + $this->assertResponseStatus(302); + + } + + public function testPostChangePasswordNoNewPassword() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $user->password = bcrypt('current'); + $user->save(); + $this->be($user); + + $post = [ + 'current_password' => 'current', + 'new_password' => 'current', + 'new_password_confirmation' => 'current', + '_token' => 'replaceMe' + ]; + + $this->call('POST', 
'/profile/change-password', $post); + + $this->assertSessionHas('error', 'The idea is to change your password.'); + $this->assertResponseStatus(302); + $this->assertRedirectedToRoute('change-password'); + + + } + + public function testPostDeleteAccount() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $user->password = bcrypt('current'); + $user->save(); + $this->be($user); + + $post = [ + 'password' => 'current', + '_token' => 'replaceMe' + ]; + + $this->call('POST', '/profile/delete-account', $post); + + $this->assertRedirectedToRoute('index'); + $this->assertResponseStatus(302); + + } + + public function testPostDeleteAccountInvalidPassword() + { + $user = FactoryMuffin::create('FireflyIII\User'); + $user->password = bcrypt('current'); + $user->save(); + $this->be($user); + + $post = [ + 'password' => 'currentXX', + '_token' => 'replaceMe' + ]; + + $this->call('POST', '/profile/delete-account', $post); + + $this->assertRedirectedToRoute('delete-account'); + $this->assertSessionHas('error', 'Invalid password!'); + $this->assertResponseStatus(302); + + } + +} \ No newline at end of file
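Review bot: No test here covers a mismatched `new_password_confirmation` or an empty `new_password`, the two checks this commit removes from validatePassword; every POST sends matching values, so nothing would fail if the form request did not enforce them. A case posting `'new_password' => 'something', 'new_password_confirmation' => 'other'` and asserting that the stored password is unchanged would pin that behaviour. testPostChangePassword also asserts only the redirect and the flash message; reloading the user after the call and adding `$this->assertTrue(Hash::check('something', $user->password));` would show that the stored value is a hash of the new password. testPostChangePasswordNoNewPassword actually exercises the same-as-current branch, so a name such as testPostChangePasswordSamePassword would describe it better.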