Permit password creation

app/controllers/users_controller.rb

@@ -20,7 +20,7 @@ class UsersController < ApplicationController
     authorize @user
 
     @user.password_change_attempt = false
-    if @user.update(user_params)
+    if @user.update(user_general_params)
       redirect_to contests_path, notice: t("users.edit.notice")
     else
       render :edit, status: :unprocessable_entity
@@ -102,6 +102,10 @@ class UsersController < ApplicationController
   end
 
   def user_params
+    params.expect(user: [ :username, :email_address, :lang, :password ])
+  end
+
+  def user_general_params
     params.expect(user: [ :username, :email_address, :lang ])
   end