Join us and get access to thousands of tutorials and a community of expert Pythonistas.

Unlock This Lesson

This lesson is for members only. Join us and get access to thousands of tutorials and a community of expert Pythonistas.

Unlock This Lesson

Managing Passwords

In this lesson, you can try to access the password change form without logging in by visiting

00:00 Password Management. At some point, your users might want to change their passwords. Instead of making them ask the admin to do it for them, you can add a password change form to your application.

00:14 Django needs two templates to make this work: the password_change_form to display the password change form and password_change_done to show a confirmation that the password was successfully changed.

00:29 Let’s get started with a password change form.

00:44 This template looks almost the same as the login template you created earlier on, but this time Django will put a password change form here, not a login form, so the browser will display it differently.

01:09 The other template that’s needed is password_change_done, as seen on-screen.

01:27 This will reassure your users that a password change was successful and let them go back to the dashboard. The dashboard would be a perfect place to include a link to your newly created password change form. You just have to make sure it’s shown to logged in users only.

01:58 If you follow the link in your browser, you should see the form that’s seen on-screen. Go ahead and test this. Change the password, log out, and then log back in again.

02:16 You can also try to access the password change form without logging in by accessing the URL seen on-screen. Django is clever enough to detect that you should log in first and will automatically redirect you to the login page.

02:31 Mistakes happen to all of us, and every now and then, somebody might forget their password. Your Django user management system should handle that situation too.

02:41 This functionality is a bit more complicated because in order to deliver password reset links, your application needs to send emails. Don’t worry. You won’t have to configure your own email server. Django provides an alternative email backend, which passes the contents of any email to the console, allowing you to see what would have been sent.

03:03 To enable this, make the changes seen on-screen to Django needs two templates for sending password reset links. The password reset form displays the form used to request a password reset email. password_reset_done shows a confirmation that a password reset email was sent.

03:34 They’ll be very similar to the password change templates you created earlier. Start with the form.

04:19 Next, add the confirmation template.

04:46 It’s also a good idea to include the link to the password reset form on the login page. Your newly created password reset form should look as seen on-screen. Type in the admin email address and press Reset.

05:14 In the terminal running Django, you should see a message similar to the one seen on-screen. This is the content of an email that would be sent to your admin.

05:23 It contains information about the application that sent it plus a password reset link. In the next section, you’ll see how to create the templates needed for the links and emails to work.

Avatar image for abv042179

abv042179 on Jan. 14, 2023

When loading ->, the Django admin password change form loads into my browser instead of the form I created. Any idea what is going on here?

Avatar image for abv042179

abv042179 on Jan. 14, 2023

The same is happening with the password_reset form :(

Avatar image for Darren Jones

Darren Jones RP Team on Jan. 17, 2023

@abv042179 - Without seeing your complete setup, my suspicion is that the forms you’ve created are in the wrong place (so Django is falling back to the admin forms you’ve seen). The full path to the forms should be

{project folder}\awesome_website\users\templates\registration\{file_name}

I’ve just tested this by removing the password_change_form.html file from my setup, and it then reverts back to the admin change form.

Avatar image for abv042179

abv042179 on Feb. 3, 2023

Just saw this message. Thanks for getting back to me :) I believe the problem was the order in which I had my “installed apps” listed in my if I remember correctly. Or maybe I’m thinking of a different issue I ran into along the way…

Avatar image for melissac

melissac on April 9, 2023

@abv042179 Thank you for commenting your solution. I was having the same issue and tried everything. My issue turned out to be the same as yours. I moved ‘users’ to the top of my INSTALLED_APPS and lo and behold, it works!

Avatar image for melissac

melissac on April 9, 2023

If anyone is struggling with the email not showing up in the shell- make sure you actually have an email entered with your user account! In either this video series or the Django intro series, the teacher skipped adding an email and I did as well. When doing this step, I realized that if you don’t have an email address, Django will not alert you with an error. It just quietly doesn’t send an email address. Problem solved by using the Django Admin page to edit my user account to include an email address. This is good practice!

Avatar image for Darren Jones

Darren Jones RP Team on April 12, 2023

As melissac correctly states, you do need to have an email address as part of your account for the emails to work. Throughout this particular course I was using the superuser account, which was set up with an email address as seen in lesson 1 at around 03:30. However, it is possible to set up other accounts without an email, so make sure you’ve done this (or use the superuser account where you will have been prompted to add an email during the creation process).

Avatar image for Shahid Nawaz Khan

Shahid Nawaz Khan on June 28, 2023

Hi. I have one question. I did not face any error but just curious. in the dashboard we used password_change as url but the template name is password_change_form. How it recognize it?

Avatar image for Darren Jones

Darren Jones RP Team on July 7, 2023

@Shahid Nawaz Khan the URLs are part of Django’s built-in django.contrib.auth.views which are being utilised. The Django source code is generally pretty friendly, and if you have a look here [1] you can see that the template names are in the views that are defined in there.

[1] -

Avatar image for Mohammad Yusuf

Mohammad Yusuf on Sept. 28, 2023

So, Django looks for the templates in the order in which apps are registered in INSTALLED_APPS list?

APP_NAME/templates -> In this directory, if a use a folder name which Django uses internally for some other template, does my template override Django built-in template?

Become a Member to join the conversation.