Closed lukavdplas closed 6 months ago
Suggestion: leave the actual functionality to the Django admin, where you can get this for cheap, and only place a link to the password management admin page in the frontend. This might require automatically giving "staff status" to new users, but that is safe because it does not entail any permissions other than changing your password.
Allow users to change their password or send a "forgot password" email. (You can also only do "forgot password" since that also allows users to pick a new password.)