final User user = userService.load(username);
if (checkRequireOldPassword(username) && request.old_password == null) {
requestForm.reject("Old password is required.");
}
if (requestForm.hasErrors() || !user.updatePassword(request)) {
flash("error", "Could not update the password.");
return redirect(routes.UsersController.editUserForm(username));
}
flash("success", "Successfully changed the password for user " + user.getFullName());