
How to Implement Password Reset in Django: Step-by-Step Guide

To implement password reset in Django, use the built-in PasswordResetView, PasswordResetConfirmView, and related views with configured email settings. These views handle sending reset emails, verifying tokens, and allowing users to set new passwords securely.

Syntax

Django provides several class-based views to handle password reset flow:

  • PasswordResetView: Sends password reset email.
  • PasswordResetDoneView: Shows confirmation after email sent.
  • PasswordResetConfirmView: Lets user enter new password using token.
  • PasswordResetCompleteView: Shows success message after reset.

These views are used in URL patterns and require email backend configuration.

```python
from django.urls import path
from django.contrib.auth import views as auth_views

urlpatterns = [
    path('password_reset/', auth_views.PasswordResetView.as_view(), name='password_reset'),
    path('password_reset/done/', auth_views.PasswordResetDoneView.as_view(), name='password_reset_done'),
    path('reset/<uidb64>/<token>/', auth_views.PasswordResetConfirmView.as_view(), name='password_reset_confirm'),
    path('reset/done/', auth_views.PasswordResetCompleteView.as_view(), name='password_reset_complete'),
]
```

Example

This example shows a minimal setup for password reset in Django including URL patterns, email backend settings, and templates.

Users can request a reset link by entering their email, receive the link, and set a new password securely.

```python
# settings.py
# Console backend: prints outgoing email to the console instead of sending it
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'

# urls.py
from django.urls import path
from django.contrib.auth import views as auth_views

urlpatterns = [
    path('password_reset/', auth_views.PasswordResetView.as_view(template_name='password_reset_form.html'), name='password_reset'),
    path('password_reset/done/', auth_views.PasswordResetDoneView.as_view(template_name='password_reset_done.html'), name='password_reset_done'),
    path('reset/<uidb64>/<token>/', auth_views.PasswordResetConfirmView.as_view(template_name='password_reset_confirm.html'), name='password_reset_confirm'),
    path('reset/done/', auth_views.PasswordResetCompleteView.as_view(template_name='password_reset_complete.html'), name='password_reset_complete'),
]
```

```html
{# password_reset_form.html #}
<form method="post">{% csrf_token %}
  <label for="email">Email:</label>
  <input type="email" name="email" id="email" required>
  <button type="submit">Reset Password</button>
</form>
```

Output
When a user submits their email, Django prints the reset email, including the reset link, to the console (because the console email backend is configured). The user clicks the link, sets a new password, and sees a success message.

Common Pitfalls

  • Not configuring EMAIL_BACKEND properly causes no email to be sent.
  • Missing URL patterns for all reset views breaks the flow.
  • Not providing templates for each view leads to errors or default ugly pages.
  • Using insecure or debug email backends in production leaks sensitive information, such as the reset links the console backend prints.
  • Forgetting to include uidb64 and token in the reset confirm URL causes token validation failure.

```python
# Wrong: URL pattern missing the uidb64 and token parameters
path('reset/', auth_views.PasswordResetConfirmView.as_view(), name='password_reset_confirm'),

# Correct: URL pattern with the uidb64 and token parameters
path('reset/<uidb64>/<token>/', auth_views.PasswordResetConfirmView.as_view(), name='password_reset_confirm'),
```
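
Why the confirm URL needs both uidb64 and token, shown as an added example that is not from the original page and is not Django's own code: a simplified standard-library model in which the token is an HMAC over the user's current state and a timestamp. `SECRET_KEY`, `RESET_TIMEOUT`, the user fields and every helper name here are assumptions for illustration; Django's own token generator differs in detail.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for settings.SECRET_KEY
RESET_TIMEOUT = 3 * 24 * 3600            # assumption: link lifetime in seconds

def encode_uid(user_id):
    """Build the <uidb64> URL segment: unpadded URL-safe base64 of the user id."""
    return base64.urlsafe_b64encode(str(user_id).encode()).rstrip(b"=").decode()

def decode_uid(uidb64):
    padded = uidb64 + "=" * (-len(uidb64) % 4)
    return int(base64.urlsafe_b64decode(padded).decode())

def _mac(user, ts):
    # The MAC covers the current password hash, so changing the password
    # invalidates every outstanding link for that account.
    msg = f"{user['id']}|{user['password_hash']}|{user['email']}|{ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def make_token(user, now=None):
    ts = int(time.time() if now is None else now)
    return f"{ts}-{_mac(user, ts)}"

def check_link(users, uidb64, token, now=None):
    """Return the user for a valid link, else None without saying why."""
    now = int(time.time() if now is None else now)
    try:
        user = users[decode_uid(uidb64)]
        ts_text, mac = token.split("-", 1)
        ts = int(ts_text)
    except (ValueError, KeyError):
        return None
    if not hmac.compare_digest(mac.encode(), _mac(user, ts).encode()):
        return None  # forged, altered, or issued for another user or password
    if not 0 <= now - ts <= RESET_TIMEOUT:
        return None  # expired, or timestamp in the future
    return user

if __name__ == "__main__":
    # Constructed sample account, not real data.
    users = {7: {"id": 7, "email": "a@example.test", "password_hash": "pbkdf2$old"}}
    uid, tok = encode_uid(7), make_token(users[7])
    print(check_link(users, uid, tok) is not None)   # link works once issued
    users[7]["password_hash"] = "pbkdf2$new"         # user completes the reset
    print(check_link(users, uid, tok) is not None)   # same link is now rejected
```

The uidb64 segment only says which account to load; the token is what proves the link was issued by the server for that account in its current state.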

Quick Reference

| Step | Description | Key Detail |
|------|-------------|------------|
| 1 | Add URL patterns for all password reset views | Include uidb64 and token in confirm URL |
| 2 | Configure email backend | Use console backend for testing, SMTP for production |
| 3 | Create templates for each view | Customize forms and messages for better UX |
| 4 | Test full flow | Request reset, receive email, set new password |
| 5 | Secure deployment | Use secure email settings and HTTPS |

Key Takeaways

  • Use Django's built-in password reset views and URL patterns for secure implementation.
  • Configure an email backend to send reset links; console backend works for testing.
  • Always include uidb64 and token in the reset confirm URL pattern.
  • Provide custom templates for better user experience during the reset process.
  • Test the entire password reset flow before deploying to production.