password change

korabo/urls.py

@@ -23,4 +23,6 @@ urlpatterns = [
     path('admin/', admin.site.urls),
     path("", views.index, name="index"),
     path("event/<int:event_id>", views.event, name="event"),
+    path('change_password/', views.change_password, name='change_password'),
+    path('password_change_done/', views.password_change_done, name='password_change_done')
 ]

web/templates/base.html

@@ -19,6 +19,7 @@
         </div>
         <div style="float:right;">
         <a href="{% url 'index' %}">home</a> |
+        <a href="{% url 'change_password' %}">change password</a> |
         <a href="{% url 'logout' %}">logout</a>
 
         </div>

web/templates/change-password/change_password.html

@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% block title %}Change Password{% endblock %}
+
+{% block content %}
+  <h2>Change Password</h2>
+  <form method="post">
+    {% csrf_token %}
+    {{ form.as_p }}
+    <button type="submit">Change Password</button>
+  </form>
+{% endblock %}

web/templates/change-password/password_change_done.html

@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+
+{% block title %}Change Password{% endblock %}
+
+{% block content %}
+Success!
+{% endblock %}

web/views.py

@@ -1,8 +1,11 @@
-from django.shortcuts import render
-from web.models import Event, Availability
-from django.shortcuts import get_object_or_404, redirect
 from datetime import timedelta
+from django.contrib.auth import update_session_auth_hash
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.forms import PasswordChangeForm
+from django.contrib.auth.views import PasswordChangeView
+from django.shortcuts import get_object_or_404, redirect, render
+from django.urls import reverse_lazy
+from web.models import Event, Availability
 
 
 @login_required()
@@ -27,6 +30,21 @@ def index(request):
     return render(request, "index.html", context)
 
 
+def change_password(request):
+    if request.method == 'POST':
+        form = PasswordChangeForm(request.user, request.POST)
+        if form.is_valid():
+            user = form.save()
+            update_session_auth_hash(request, user)
+            return redirect('password_change_done')
+    else:
+        form = PasswordChangeForm(request.user)
+    return render(request, 'change-password/change_password.html', {'form': form})
+
+def password_change_done(request):
+    return render(request, 'change-password/password_change_done.html')
+
+
 @login_required()
 def event(request, event_id):