Simplify password validation

Partially cherry-picked from 362bdc3a

src/api/app/models/user.rb

@@ -362,10 +362,10 @@ class User < ActiveRecord::Base
 
     # check that the password hash type has not been set if no new password
     # has been provided
-    if @new_hash_type and (!@new_password or password.nil?)
+    return unless @new_hash_type && (!@new_password || password.nil?)
+
     errors.add(:password_hash_type, 'cannot be changed unless a new password has been provided.')
   end
-  end
 
   validates :login, :email, :password, :password_hash_type, :state,
             presence: { message: 'must be given' }