Oops, fix error when saving user settings with no password set

Ah okay, if you leave the password field blank but don't have one set,
our simple `update` method gets annoyed that you left it blank.

In this change, we simplify the model API by just overriding
`update_with_password` with our own special behavior for the
no-password case.

app/controllers/auth_users_controller.rb

@@ -24,13 +24,7 @@ class AuthUsersController < ApplicationController
 	def update
 		@auth_user = load_auth_user
 
-		# If the user has a password, then the `current_password` field is required
-		# when updating. If not, then it's not!
-		success = @auth_user.uses_password? ?
-			@auth_user.update_with_password(auth_user_params) :
-			@auth_user.update(auth_user_params)
-
-		if success
+		if @auth_user.update_with_password(auth_user_params)
 			# NOTE: Changing the password will sign you out, so make sure we stay
 			# signed in!
 			bypass_sign_in @auth_user, scope: :auth_user

app/models/auth_user.rb

@@ -81,6 +81,23 @@ class AuthUser < AuthRecord
     encrypted_password?
   end
 
+  def update_with_password(params)
+    # If this account already uses passwords, use Devise's default behavior.
+    return super(params) if uses_password?
+
+    # Otherwise, we implement similar logic, but skipping the check for
+    # `current_password`: Bulk-assign most attributes, but only set the
+    # password if it's non-empty.
+    self.attributes = params.except(:password, :password_confirmation,
+      :current_password)
+    if params[:password].present?
+      self.password = params[:password]
+      self.password_confirmation = params[:password_confirmation]
+    end
+
+    self.save
+  end
+
   def connect_omniauth!(auth)
     raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?