has_one, reject_if, and accept_nested_attributes still fails validation

Problem

What I wanted to accomplish in my form was allowing an Account to manage a Devise user account.

Parent model code:

class Account
  has_one :service_user

  accepts_nested_attributes_for :web_service_user, :allow_destroy => true, :reject_if => :password_not_specified, :update_only => true

  def password_not_specified(attributes)
    attributes[:password].blank?
  end
end
Child model code:

class ServiceUser
  devise :database_authenticatable

  belongs_to :account

  validates_uniqueness_of :username
  validates_presence_of :password, if: Proc.new{|su| !username.blank? }
end

Controller code:

def update
  respond_to do |format|
    if @licensee.update(account_params)
  #etc...
end

private
def account_params
  params.require(:account).permit(:name, :address1, :address2, :city, :state_code, :zip, :website_url, :service_user_attributes => [:id, :username, :password, :_destroy])
end

Solution:

Password, unfortunately, doesn't exist in the Devise model, but it does exist when setting the password, so I validate the length instead if the password is not nil.

class ServiceUser
  devise :database_authenticatable

  belongs_to :account

  validates_uniqueness_of :username
  validates_length_of :password, :minimum => 14, if: Proc.new { |u| !u.password.nil? }
end