1 files changed, 9 insertions, 5 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 07c807ce4..9c7f2a17d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -101,7 +101,7 @@ class UsersController < ApplicationController
     @user.safe_attributes = params[:user]
     @user.admin = params[:user][:admin] || false
     @user.login = params[:user][:login]
-    @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
+    @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
 
     # TODO: Similar to My#account
     @user.mail_notification = params[:notification_option] || 'only_my_events'
@@ -127,6 +127,8 @@ class UsersController < ApplicationController
     else
       @auth_sources = AuthSource.find(:all)
       @notification_option = @user.mail_notification
+      # Clear password input
+      @user.password = @user.password_confirmation = nil
 
       respond_to do |format|
         format.html { render :action => 'new' }
@@ -152,8 +154,8 @@ class UsersController < ApplicationController
 
     @user.admin = params[:user][:admin] if params[:user][:admin]
     @user.login = params[:user][:login] if params[:user][:login]
-    if params[:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
-      @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
+    if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+      @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
     end
     @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
     @user.safe_attributes = params[:user]
@@ -170,8 +172,8 @@ class UsersController < ApplicationController
 
       if was_activated
         Mailer.deliver_account_activated(@user)
-      elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
-        Mailer.deliver_account_information(@user, params[:password])
+      elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
+        Mailer.deliver_account_information(@user, params[:user][:password])
       end
       
       respond_to do |format|
@@ -184,6 +186,8 @@ class UsersController < ApplicationController
     else
       @auth_sources = AuthSource.find(:all)
       @membership ||= Member.new
+      # Clear password input
+      @user.password = @user.password_confirmation = nil
 
       respond_to do |format|
         format.html { render :action => :edit }