Django Password Reset

Implementing secure password recovery for users

🔐 What is Password Reset?

Django's password reset feature allows users to securely recover their accounts via email. It generates unique tokens and sends reset links automatically, making account recovery simple and secure.


# Django provides built-in password reset views
from django.contrib.auth import views as auth_views
from django.urls import path

urlpatterns = [
    path('password-reset/', auth_views.PasswordResetView.as_view(), name='password_reset'),
]

Password Reset Flow

Django's password reset process involves four main steps that work together to securely verify users and update their passwords. Each step has a dedicated view and template for a smooth user experience.

1. Request Reset: the user enters their email address (PasswordResetView)
2. Email Sent: a confirmation message is displayed (PasswordResetDoneView)
3. Reset Password: the user enters a new password (PasswordResetConfirmView)
4. Complete: a success confirmation is shown (PasswordResetCompleteView)

🔹 Configure URLs

Add password reset URLs to your project's urls.py file:

# urls.py
from django.contrib.auth import views as auth_views
from django.urls import path

urlpatterns = [
    # Password reset request
    path('password-reset/', 
         auth_views.PasswordResetView.as_view(
             template_name='password_reset.html'
         ), 
         name='password_reset'),
    
    # Email sent confirmation
    path('password-reset/done/', 
         auth_views.PasswordResetDoneView.as_view(
             template_name='password_reset_done.html'
         ), 
         name='password_reset_done'),
    
    # Reset form with token
    path('password-reset-confirm/<uidb64>/<token>/', 
         auth_views.PasswordResetConfirmView.as_view(
             template_name='password_reset_confirm.html'
         ), 
         name='password_reset_confirm'),
    
    # Success message
    path('password-reset-complete/', 
         auth_views.PasswordResetCompleteView.as_view(
             template_name='password_reset_complete.html'
         ), 
         name='password_reset_complete'),
]
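
The `<uidb64>/<token>` segments in the confirm URL carry the user id and a signed token. The following is an added example, not code from this page or from Django's source: a simplified standard-library model of such a token, showing why a MAC bound to the user's current password hash stops verifying once the password changes or the timeout passes. `SECRET_KEY`, the helper names and the dict-based user are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumptions (not Django's code): constructed key, hypothetical helper names,
# and a plain dict standing in for the user model.
SECRET_KEY = b"constructed-demo-key"
RESET_TIMEOUT = 3 * 24 * 3600  # seconds a link stays valid (3 days)


def encode_uid(pk):
    """URL-safe base64 of the primary key, like the <uidb64> path segment."""
    return base64.urlsafe_b64encode(str(pk).encode()).rstrip(b"=").decode()


def _mac(user, ts):
    # Binding the MAC to the current password hash and last login means the
    # token stops verifying as soon as either value changes.
    state = "|".join(str(v) for v in (
        user["pk"], user["password_hash"], user["last_login"], ts, user["email"]))
    return hmac.new(SECRET_KEY, state.encode(), hashlib.sha256).hexdigest()[:32]


def make_token(user, now=None):
    """Return '<hex timestamp>-<mac>' for the user's current state."""
    ts = int(time.time() if now is None else now)
    return f"{ts:x}-{_mac(user, ts)}"


def check_token(user, token, now=None):
    """True only for an unmodified, unexpired token issued for this state."""
    now = int(time.time() if now is None else now)
    try:
        ts_hex, mac = token.split("-")
        ts = int(ts_hex, 16)
    except ValueError:
        return False  # malformed token
    expected = _mac(user, ts)
    if not hmac.compare_digest(mac.encode(), expected.encode()):  # constant time
        return False  # forged, or user state changed since issue
    return 0 <= now - ts <= RESET_TIMEOUT  # reject expired links
```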

🔹 Create Reset Form Template

Create a simple form where users can enter their email:

<!-- templates/password_reset.html -->
<h2>Reset Password</h2>
<form method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <button type="submit">Send Reset Email</button>
</form>

🔹 Configure Email Settings

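Set up the email backend in settings.py to send reset emails:

# settings.py
# Set EMAIL_BACKEND once per environment: choose one of the two options below.

# For development (prints emails to the console)
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'

# For production (use real SMTP); if both assignments stay in one file,
# this one overrides the console backend above.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = 'you@example.com'  # placeholder address
EMAIL_HOST_PASSWORD = 'your-app-password'  # placeholder; keep the real value out of version control
DEFAULT_FROM_EMAIL = 'you@example.com'  # placeholder address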

🔹 Create Confirmation Templates

Add templates for the remaining steps:

🔸 Email Sent Confirmation

<!-- templates/password_reset_done.html -->
<h2>Check Your Email</h2>
<p>We've sent password reset instructions to your email.</p>

🔸 New Password Form

<!-- templates/password_reset_confirm.html -->
<h2>Enter New Password</h2>
<form method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <button type="submit">Reset Password</button>
</form>

🔸 Success Message

<!-- templates/password_reset_complete.html -->
<h2>Password Reset Complete</h2>
<p>Your password has been reset successfully!</p>
<a href="{% url 'login' %}">Log in</a>

🧠 Test Your Knowledge

Which view handles the initial password reset request?