Changing password doesn't work for non-admin users

It seems that there is an issue with the current master that has somehow been introduced recently: When a user that is **not** in the admin group tries to change his password on the personal page, a 403 response is returned on the ajax call and the password change is unsuccessful.
