I have been working on the soap client ,It is wonder that in the change password method takes three arguments userid,oldPassword,newPassword but in the implementation of remote-api there is no validation provided for the old-password.
I have the same problem in 3.0 Ent. After managing to create a user using POST /api/people there is no password assigned to the new account therefore POST /api/person/changepassword/USER_NAME won't work since it's not accepting null values for oldpw. Is there a work around? It would be much easier and less code if setting password allowed in the POST /api/people (save lines in the code). This is a candidate for customisation.
Update1: We got stuck! After managing new user account creation via REST API POST/api/people we tried to change new account's password in JSF to test. What we got was a messsage that such user doesn't exist even though account is listed. Presumably this is to do with user account vs. person in Alfresco. We are abandoning and trying another approach namely use of invite API instead.
