Fix password reset/change mechanic after devise change

There are three endpoints:

%> bundle exec rails routes | grep password

You can generate a token, send a reset email, and update a password:

POST /api/auth/password/update?reset_password_token=

{
  "password": "applesauce",
  "password_confirmation": "applesauce"
}

Closes #972 (closed)