diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index da82d1c4acf93d5f287363a8def4a49ba6c35edb..b4c98a0f7f47ea70fd88fa9291f740914e382133 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,6 +31,12 @@ class UsersController < ApplicationController
   def edit
   end
 
+  def update
+    @user.update_attributes user_params
+    flash[:notice] = I18n.t(:changes_saved) if @user.valid?
+    respond_with @user, location: edit_user_path(@user)
+  end
+
   def deactivate
     @user.account.disable
     flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
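Review bot: `update` never loads or authorizes `@user` itself, so it depends on a before filter declared outside this hunk. Confirm that the filter's action list includes `:update` and that it limits non-admins to their own record, since this action now writes to the account. Separately, the result of `update_attributes` is discarded and `@user.valid?` runs the validations a second time, so the notice can appear even if the save was halted for a reason other than validation. `flash[:notice] = I18n.t(:changes_saved) if @user.update_attributes(user_params)` ties the message to the actual save result.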
@@ -62,7 +68,7 @@ class UsersController < ApplicationController
     if admin?
       params.require(:user).permit(:effective_service_level)
     else
-      params.require(:user).permit(:password, :password_confirmation)
+      params.require(:user).permit(:contact_email)
     end
   end
 
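Review bot: The `admin?` branch still permits only `:effective_service_level`, so when the current user is an admin the new `update` action silently drops `contact_email`. The update then succeeds with nothing changed, and the "changes saved" notice is presumably still shown. If admins are meant to edit the contact address, extend that branch to `params.require(:user).permit(:effective_service_level, :contact_email)`. If `contact_email` is ever used for account recovery or security notifications, consider requiring the current password before accepting a change. `user_params` begins above the hunk, so the rest of the method is not visible here.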
diff --git a/app/views/users/_edit.html.haml b/app/views/users/_edit.html.haml
index 1d2b68aa10ca0b6a9095932e70d82d64330de002..86629797b909d4ecc757ab78c0ce65e9690c2434 100644
--- a/app/views/users/_edit.html.haml
+++ b/app/views/users/_edit.html.haml
@@ -2,12 +2,13 @@
 -# edit user form, used by both show and edit actions.
 -#
 -# We render a bunch of forms here. Which we use depends upon config settings
--# user_actions and admin_actions. They both include an array of actions 
+-# user_actions and admin_actions. They both include an array of actions
 -# allowed to users and admins.
 -# Possible forms are:
 -#  'change_password'
 -#  'change_pgp_key'
 -#  'change_service_level'
+-#  'contact_email'
 -#  'destroy_account'
 - actions = APP_CONFIG[admin? ? :admin_actions : :user_actions] || []
 - actions.each do |action|
diff --git a/test/integration/browser/alternate_email_test.rb b/test/integration/browser/alternate_email_test.rb
new file mode 100644
index 0000000000000000000000000000000000000000..fc58fb4edb3c2f6306a628c6b2f9de03b8513c9a
--- /dev/null
+++ b/test/integration/browser/alternate_email_test.rb
@@ -0,0 +1,25 @@
+require 'test_helper'
+
+class AlternateEmailTest < BrowserIntegrationTest
+  test "change alternate email" do
+    username, password = submit_signup
+    click_on 'Account Settings'
+    within(".edit_user") do
+      fill_in 'user_contact_email', with: 'test@leap.se'
+      click_on 'Save'
+    end
+    assert page.has_content?('Changes saved successfully')
+    assert_equal 'test@leap.se',
+      page.find('#user_contact_email').value
+  end
+
+  test "change alternate email to invalid" do
+    username, password = submit_signup
+    click_on 'Account Settings'
+    within(".edit_user") do
+      fill_in 'user_contact_email', with: 'test@invalid'
+      click_on 'Save'
+      assert page.has_content?('is invalid')
+    end
+  end
+end
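Review bot: The "change alternate email to invalid" test asserts only that an error is displayed, so it would still pass if the controller also flashed the success notice or stored the bad value. Add `assert page.has_no_content?('Changes saved successfully')` inside that test to pin the failure path. Both tests assign `username, password = submit_signup` and never use either local; a bare `submit_signup` reads more clearly. A further case in which one signed-in user attempts to update another user's record and is refused would cover the authorization the new `update` action relies on.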