Add encrypted password output in the superuser API

When creating a user or changing their password, we now also return an encrypted form of the password, so API callers can pass it along

test/test_api_usage.py

@@ -2903,6 +2903,17 @@ class TestSuperUserManagement(ApiTestCase):
     # Verify the user no longer exists.
     self.getResponse(SuperUserManagement, params=dict(username = 'freshuser'), expected_code=404)
 
+  def test_change_user_password(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Verify the user exists.
+    json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
+    self.assertEquals('freshuser', json['username'])
+    self.assertEquals('jschorr+test@devtable.com', json['email'])
+
+    # Update the user.
+    json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(password='somepassword'))
+    self.assertTrue('encrypted_password' in json)
 
   def test_update_user(self):
     self.login(ADMIN_ACCESS_USER)
@@ -2913,7 +2924,8 @@ class TestSuperUserManagement(ApiTestCase):
     self.assertEquals('jschorr+test@devtable.com', json['email'])
 
     # Update the user.
-    self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
+    json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
+    self.assertFalse('encrypted_password' in json)
 
     # Verify the user was updated.
     json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))