
Django Reset Admin Password

The admin’s recommended use is limited to an organization’s internal management tool. It’s not intended for building your entire front end around.

Adding a password reset feature in Django

note

You can add a password reset feature to the admin site by adding a few lines to your URLconf. Specifically, add these four patterns:

from django.contrib import admin
from django.contrib.auth import views as auth_views

# Fragment meant to be pasted into a urlpatterns list; it relies on the
# `admin` and `auth_views` imports shown above and on `path` from django.urls.
#
# Step 1: the form where a user submits an email address to request a reset.
# The URL name "admin_password_reset" is what makes the admin log-in page show
# its "forgotten your password?" link.
# NOTE(review): this view is reachable without logging in, and Django does not
# throttle it by itself; rate limiting has to come from a proxy or middleware.
path(
    "password_reset/",
    auth_views.PasswordResetView.as_view(
        extra_context={"site_header": admin.site.site_header}
    ),
    name="admin_password_reset",
),
# Step 2: confirmation page shown after the reset request has been submitted.
path(
    "password_reset/done/",
    auth_views.PasswordResetDoneView.as_view(
        extra_context={"site_header": admin.site.site_header}
    ),
    name="password_reset_done",
),
# Step 3: the link sent by email. <uidb64> and <token> are captured from the
# URL and passed to the view, which checks them before offering the
# new-password form.
# NOTE(review): the emailed link acts as a credential until the password is
# changed or the token times out (PASSWORD_RESET_TIMEOUT), so the reset mail
# should leave the server over an authenticated, encrypted mail transport.
path(
    "reset/<uidb64>/<token>/",
    auth_views.PasswordResetConfirmView.as_view(
        extra_context={"site_header": admin.site.site_header}
    ),
    name="password_reset_confirm",
),
# Step 4: success page shown once the new password has been saved.
path(
    "reset/done/",
    auth_views.PasswordResetCompleteView.as_view(
        extra_context={"site_header": admin.site.site_header}
    ),
    name="password_reset_complete",
),

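(This assumes you’ve added the admin at admin/. The patterns are listed above without that prefix; if you place them under admin/ — for example admin/password_reset/ — put them before the line that includes the admin app itself, because URL patterns are matched in order and the admin include would otherwise match first.)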

The presence of the admin_password_reset named URL will cause a “forgotten your password?” link to appear on the default admin log-in page under the password box.


Django Hardening

To dynamically adjust the admin URL based on the DEBUG setting and include the password reset URLs with dynamic admin URLs, you can structure your urlpatterns as follows:

urls.py (the project URLconf; this code defines urlpatterns and does not belong in settings.py)

from django.conf import settings
from django.contrib import admin
from django.urls import path, include
from django.contrib.auth import views as auth_views

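urlpatterns = []

# Choose the admin mount point from the deployment mode.
# NOTE(review): a non-default path only keeps the admin off the location that
# automated scanners probe first; it is not access control, so strong admin
# credentials and restricted network access are still needed.
if settings.DEBUG:
    admin_url = 'admin/'  # Use 'admin/' in DEBUG mode
else:
    admin_url = 'utd-admin/'  # Use 'utd-admin/' in production

# Password reset URLs, mounted under the chosen admin prefix so they follow
# the admin URL. They are registered BEFORE the admin include below: patterns
# are matched in order, and the admin include would otherwise claim every path
# that starts with the admin prefix.
# The URL names are unchanged, so reverse() and the admin log-in page's
# "forgotten your password?" link keep working.
# NOTE(review): the reset request form is reachable without logging in and is
# not throttled by Django itself; add rate limiting in front of it.
urlpatterns += [
    path(
        f'{admin_url}password_reset/',
        auth_views.PasswordResetView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="admin_password_reset",
    ),
    path(
        f'{admin_url}password_reset/done/',
        auth_views.PasswordResetDoneView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="password_reset_done",
    ),
    path(
        f'{admin_url}reset/<uidb64>/<token>/',
        auth_views.PasswordResetConfirmView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="password_reset_confirm",
    ),
    path(
        f'{admin_url}reset/done/',
        auth_views.PasswordResetCompleteView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="password_reset_complete",
    ),
]

# Admin URLs (after the password reset routes, see above)
urlpatterns += [
    path(admin_url, admin.site.urls),
]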

# Include Django auth URLs if needed
# urlpatterns += [
#     path('accounts/', include('django.contrib.auth.urls')),
# ]

# Your other urlpatterns...
from django.conf import settings
from django.contrib import admin
from django.urls import path, include, re_path
from django.views.static import serve
from django.contrib.auth import views as auth_views
from django.conf.urls.static import static
from views.home_views import HomeView

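# Public site routes.
urlpatterns = [
    path('', HomeView.as_view(), name='home'),
    path('about/', include('myapps.abouts.urls')),
    path('fixture/', include('myapps.fixtures.urls')),
    path('news/', include('myapps.news.urls')),
    path('gallery/', include('myapps.galleries.urls')),
    path('contact/', include('myapps.contacts.urls')),
    path('tinymce/', include('tinymce.urls')),
]

# Check if DEBUG mode is enabled
if settings.DEBUG:
    # The default path is fine for local development.
    admin_url = 'admin/'  # Use 'admin/' in DEBUG mode
    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
    urlpatterns += [path('__debug__/', include('debug_toolbar.urls'))]
else:
    # Production gets the non-default path. The original listing had the two
    # values swapped, which left production on the well-known 'admin/' path.
    # NOTE(review): a non-default path is not access control; strong admin
    # credentials and restricted network access are still needed.
    admin_url = 'utd-admin/'  # Use 'utd-admin/' in production
    # NOTE(review): django.views.static.serve is documented as a development
    # aid and is not hardened for production use. Here it serves STATIC_ROOT
    # and MEDIA_ROOT (typically user uploads) when DEBUG is off; prefer serving
    # both from the web server or a storage backend and dropping these routes.
    urlpatterns += [
        re_path(r'^static/(?P<path>.*)$', serve, {'document_root': settings.STATIC_ROOT}),
        re_path(r'^media/(?P<path>.*)$', serve, {'document_root': settings.MEDIA_ROOT}),
    ]

# Password reset URLs, mounted under the chosen admin prefix and registered
# BEFORE the admin include: patterns are matched in order, and the admin
# include would otherwise claim every path that starts with the admin prefix.
# The URL names are unchanged, so reverse() and the admin log-in page's
# "forgotten your password?" link keep working.
# NOTE(review): the reset request form is reachable without logging in and is
# not throttled by Django itself; add rate limiting in front of it.
urlpatterns += [
    path(
        f'{admin_url}password_reset/',
        auth_views.PasswordResetView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="admin_password_reset",
    ),
    path(
        f'{admin_url}password_reset/done/',
        auth_views.PasswordResetDoneView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="password_reset_done",
    ),
    path(
        f'{admin_url}reset/<uidb64>/<token>/',
        auth_views.PasswordResetConfirmView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="password_reset_confirm",
    ),
    path(
        f'{admin_url}reset/done/',
        auth_views.PasswordResetCompleteView.as_view(
            extra_context={"site_header": admin.site.site_header}
        ),
        name="password_reset_complete",
    ),
    # Admin URLs (last, so the reset routes above are matched first)
    path(admin_url, admin.site.urls),
]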

In this setup:

  • If DEBUG mode is enabled, the admin URLs will be under 'admin/'.
  • If DEBUG mode is disabled, the admin URLs will be under 'utd-admin/'.
  • The password reset URLs are constructed dynamically based on the admin URL chosen.

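This setup provides flexibility in defining the admin URL based on the deployment environment while keeping the password reset URLs consistent with the chosen admin URL. Note that a non-default admin path only reduces noise from automated scans of the default location; it does not replace strong admin credentials, multi-factor authentication, or restricting who can reach the admin at the network level.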


Reference