senecajs / seneca-auth

A Seneca user authentication plugin for Hapi and Express
http://senecajs.org
MIT License

POST /auth/execute_reset with empty password crashes seneca #99

Open indr opened 8 years ago

indr commented 8 years ago

seneca-user options

{ autopass: true, mustrepeat: false }

Requests

$ curl -H 'Content-Type: application/json' -v http://localhost:3000/auth/create_reset \
> -d '{"email":"u1@example.com"}'

...

{"ok":true}
$ curl -H 'Content-Type: application/json' -v http://localhost:3000/auth/execute_reset \
> -d '{"token":"b703781c-5e2f-40f2-981f-86a583b05140"}'
*   Trying ::1...
* Connected to localhost (::1) port 3000 (#0)
> POST /auth/execute_reset HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.47.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 48
> 
* upload completely sent off: 48 out of 48 bytes
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server

Server log

Seneca Fatal Error
==================

Message: seneca: Action cmd:change_password,role:user has invalid arguments; The property 'password' is missing and is always required (parent: top level).; arguments were: { role: 'user',
  cmd: 'change_password',
  user: $-/sys/user;id=b0z2ju;{nick:nu1,email:u1@example.com,name:u1,active:true,when:2016-08-03T00:46:59.748Z,salt:elaSr}e}o_`/Y,pass:886,
  password: undefined,
  repeat: undefined,
  salt: undefined }.

Code: act_invalid_args

Details: { pattern: 'cmd:change_password,role:user',
  message: 'The property \'password\' is missing and is always required (parent: top level).',
  msg: 
   { role: 'user',
     cmd: 'change_password',
     user: $-/sys/user;id=b0z2ju;{nick:nu1,email:u1@example.com,name:u1,active:true,when:2016-08-03T00:46:59.748Z,salt:elaSr}e}o_`/Y,pass:886,
     password: undefined,
     repeat: undefined,
     salt: undefined },
  plugin: {} }

...

SENECA TERMINATED (on timeout) at 2016-08-03T00:47:37.978Z.
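
An added example, not part of the original report or of seneca-auth's code: one way to reject a reset request whose `password` is missing or empty at the HTTP edge, so it never reaches `cmd:change_password,role:user` and a bad request becomes an error response instead of a process exit. The function names, the `act(msg, cb)` dispatcher, the `execute_reset` message shape and the response format are assumptions; the field names and `mustrepeat` come from the report above.

```javascript
// Added example. Field names token/password/repeat and the mustrepeat option
// come from the report; everything else here is a hypothetical sketch.

// Returns null when the body is acceptable, otherwise a short reason code.
function checkExecuteReset (body, opts) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) return 'invalid-body'
  if (typeof body.token !== 'string' || body.token.length === 0) return 'token-missing'
  if (typeof body.password !== 'string' || body.password.length === 0) return 'password-missing'
  if (opts.mustrepeat && body.repeat !== body.password) return 'repeat-mismatch'
  return null
}

// Route handler core. `act(msg, cb)` is an assumed callback-style dispatcher and
// `reply(status, payload)` an assumed response function.
function handleExecuteReset (body, opts, act, reply) {
  let sent = false
  const once = (status, payload) => {
    if (sent) return // never answer the same request twice
    sent = true
    reply(status, payload)
  }

  const why = checkExecuteReset(body, opts)
  if (why) return once(400, { ok: false, why }) // the action is never invoked

  // Assumed message shape for the reset action.
  const msg = {
    role: 'user',
    cmd: 'execute_reset',
    token: body.token,
    password: body.password,
    repeat: body.repeat
  }

  try {
    act(msg, (err, out) => {
      if (err) return once(500, { ok: false, why: 'reset-failed' })
      once(200, { ok: Boolean(out && out.ok) })
    })
  } catch (e) {
    // A synchronous throw from the dispatcher becomes a response, not a crash.
    once(500, { ok: false, why: 'reset-failed' })
  }
}
```
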