fix user password field to not accidentally re-encrypt itself on save

currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.

app/controllers/users_controller.rb

@@ -29,10 +29,8 @@ class UsersController < ApplicationController
 
     if user
       user.skip_user_id_assign = true
-      user.skip_hash_password = true
       user.update_attributes(user_params_without_password)
-      if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
+      if params[:user][:password].present? && (params[:user][:password] == params[:user][:password_confirmation])
-        user.skip_hash_password = false
         user.password = params[:user][:password]
       end
       message = true if user.save!

app/models/user.rb

@@ -11,7 +11,6 @@ class User < ApplicationRecord
   validates_uniqueness_of :email
   validates_format_of :email, :with => /.+@.+\..+/i
   attr_accessor :skip_user_id_assign
-  attr_accessor :skip_hash_password
   before_save :assign_user_id, :on => :create
   before_save :hash_password
   has_one :retirement, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
@@ -70,12 +69,10 @@ class User < ApplicationRecord
   end
 
   def hash_password
-    unless @skip_hash_password == true
+    if password.present? && password_changed?
-      if password.present?
       self.password = Digest::MD5.hexdigest(password)
     end
   end
-  end
 
   def generate_token(column)
     begin