@RequestMapping(value = "/Users/{userId}/password", method = RequestMethod.PUT)
@ResponseBody
public SimpleMessage changePassword(
@PathVariable String userId, @RequestBody PasswordChangeRequest change) {
checkPasswordChangeIsAllowed(userId, change.getOldPassword());
if (!dao.changePassword(userId, change.getOldPassword(), change.getPassword())) {
throw new InvalidPasswordException("Password not changed for user: "******"ok", "password updated");
}
