Here's routes with -v as well as the route manually defined at the bottom (manual_check_password_user). The route at the bottom matches, and I thought it should be the same as route "check_password_user":
/api/2/domain/:domainid/project/:projid/user .... * api2domaindomainidprojectprojiduser ^/api/2/domain/([^\/\.]+)/project/([^\/\.]+)/user
+/ .... POST "create_user" ^(?:\.([^/]+)$)?
+/ .... GET "list_user" ^(?:\.([^/]+)$)?
+/:userid .... * userid ^/([^\/\.]+)
+/ .... GET "show_user" ^(?:\.([^/]+)$)?
+/ .... DELETE "delete_user" ^(?:\.([^/]+)$)?
+/ .... PUT "update_user" ^(?:\.([^/]+)$)?
+/password .... * password ^/password
+/:password .... GET "check_password_user" ^/([^\/\.]+)
+/validate/:pw_b64 .... GET "validate_password_user" ^/validate/([^\/\.]+)
+/change/:current_b64/:new_b64 .... PUT "change_password_user" ^/change/([^\/\.]+)/([^\/\.]+)
+/reset .... PUT "reset_password_user" ^/reset(?:\.([^/]+)$)?
/api/2/domain/:domainid/project/:projid/user/:userid/password/:password .... GET "manual_check_password_user" ^/api/2/domain/([^\/\.]+)/project/([^\/\.]+)/user/([^\/\.]+)/password/([^\/\.]+)(?:\.([^/]+)$)?