diff --git a/app/dao/users_dao.py b/app/dao/users_dao.py
index 1a240fecc..264481bfe 100644
--- a/app/dao/users_dao.py
+++ b/app/dao/users_dao.py
@@ -7,6 +7,11 @@ from app import db
 from app.models import (User, VerifyCode)
+def _remove_values_for_keys_if_present(dict, keys):
+ for key in keys:
+ dict.pop(key, None)
+
+
 def create_secret_code():
 return ''.join(map(str, random.sample(range(9), 5)))
@@ -16,9 +21,7 @@ def save_model_user(usr, update_dict={}, pwd=None):
 usr.password = pwd
 usr.password_changed_at = datetime.utcnow()
 if update_dict:
- if update_dict.get('id'):
- del update_dict['id']
- update_dict.pop('password_changed_at')
+ _remove_values_for_keys_if_present(update_dict, ['id', 'password', 'password_changed_at'])
 db.session.query(User).filter_by(id=usr.id).update(update_dict)
 else:
 db.session.add(usr)
diff --git a/app/user/rest.py b/app/user/rest.py
index 2e6e6b021..7aee5ac3f 100644
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -55,14 +55,10 @@ def create_user():
 def update_user(user_id):
 user_to_update = get_model_users(user_id=user_id)
 req_json = request.get_json()
- update_dct, errors = user_schema_load_json.load(req_json)
 pwd = req_json.get('password', None)
- # TODO password validation, it is already done on the admin app
- # but would be good to have the same validation here.
- if pwd is not None and not pwd:
- errors.update({'password': ['Invalid data for field']})
- raise InvalidRequest(errors, status_code=400)
- save_model_user(user_to_update, update_dict=update_dct, pwd=pwd)
+ if not pwd:
+ raise InvalidRequest('Invalid entry for password', status_code=400)
+ save_model_user(user_to_update, update_dict=req_json, pwd=pwd)
 return jsonify(data=user_schema.dump(user_to_update).data), 200
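Review bot: The new helper in app/dao/users_dao.py names its first parameter `dict`, which shadows the builtin inside the function, and nothing documents that it mutates the caller's mapping in place. I would rename it, `def _remove_values_for_keys_if_present(mapping, keys):` with `mapping.pop(key, None)`, and add a one-line docstring such as `"""Remove each key in keys from mapping in place; missing keys are ignored."""`. The in-place behaviour is worth stating because the object passed in may be shared with the caller.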
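Review bot: Stripping `id`, `password` and `password_changed_at` in save_model_user is a denylist, so `update(update_dict)` still writes every other key the caller supplies. In this same commit, `update_user` in app/user/rest.py stops calling `user_schema_load_json.load` and passes the raw request JSON as `update_dict`. That leaves a mass-assignment gap: any other User column named in the request body is persisted, and a key that is not a column will presumably fail inside the query instead of producing a 400. An allowlist is the safer shape, for example `update_dict = {k: v for k, v in update_dict.items() if k in UPDATABLE_USER_FIELDS}` (constant name is a placeholder), or keep the schema load in the REST handler and pass its result. save_model_user starts and ends outside this hunk.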
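Review bot: In update_user (app/user/rest.py), `if not pwd:` now also rejects a body that has no `password` key, so every user update must resend the password, whereas the removed check `pwd is not None and not pwd` only refused an empty one. If partial updates are still meant to work, keep that condition: `if pwd is not None and not pwd:`. The removed TODO about validating the password on this side is dropped without any validation taking its place. Depending on the Flask version, `request.get_json()` may return None for a non-JSON body, in which case `req_json.get` raises before the 400 is reached; a guard such as `if not req_json: raise InvalidRequest('Invalid JSON body', status_code=400)` would cover it.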