當用戶在已登入狀態下，也可以更改password。 利用Django 內建的django.contrib.auth.forms.PasswordChangeForm可以輕鬆地執行表格。 而backend部份是由兩個functions組成：

• django.contrib.auth.views.password_change
• django.contrib.auth.views.password_change_done

font-end則需要兩個HTML頁面：

• templates/registration/password_change_form.html
• templates/registration/password_change_done.html

---

1. [A schema to the steps] 開始前先了解一下整個更改密碼的程序：

1. urls.py 收到要求打開django.contrib.auth.views.password_change function
2. Django會以function decorators @login_required去確認用戶已登入，並執行下一步
3. auth.views.password_change查核資料正確性，及render django.contrib.auth.password_change_done 但我們會自行寫另一個app.views.changepassworddone，讓更改密碼後自動送出email notification

2. [Set url] 第一步，先到urls.py加入urlspattern：

from django.contrib.auth import views as av
from <app> import views as myviews

urlspattern = [
    ....
    ....
    path('password_change/', av.password_change, name='password_change'),
    path('password_change/done/', myviews.changepassworddone, name='password_change_done'),
]

---

3. [Login_required decorator] @XXXXX 是Python裡面的function wrapper/decorator的意思，詳細內容可以到TheCodeShip參考。 因為password_change 以及password_change_done是需要用戶先登入，所以官方設定它們都有@login_required這個decorator。 詳細有關Password Change的official code，可以在Django Source Code For Auth.Views參考。 由於我們是用預設的auth.views去執行password_change，所以我們不用親自再寫，只需要配合用上@login_required就可以了。 到settings.py加上：

LOGIN_URL = 'login'

這樣就完成了第二步。

---

4. [Create template] 建立templatesregistration/password_change_form.html，以及registration/password_change_done.html。 password_change_form.html：

{% extends 'base.html' %}
{% block content %}
<form method='POST'>
{% for field in form %}
    <label for={{ field.name }}>{{ field.label_tag }}</label> {{ field }}
    {% if {{ field.help_text }} %}
        {{ field.help_text }}
    {% endif %}
{% endfor %}
<input type='submit' value='Change Password'>
</form>
{% endblock %}

password_change_done.html：

{% extends 'base.html' %}
{% block content %}
<span>Your password is changed successfully</span>
{% endblock %}

---

5. [View function for email notification] 如果step 1 的urlspattern是使用av.password_change_done，其實已經完成了。 但因為我們要做一個可以發送email的版本，該用戶知道密碼被更改了， 所以要到app.views.py建立function - changepassworddone以及修改sendmail：

from django.contrib.auth.decorators import login_required
from django.template.loader import render_to_string
from django.core.mail import send_mail

@login_required
def changepassworddone(request):
    title = 'changepassword'
    sendmail(request, title)
    return render(request, 'registration/password_change_done.html', context=None)

def sendmail(request, title):
    email_title = title
    recipient = request.user.email
    if email_title = 'changepassword':
        email_content = render_to_string('registration/changepassword_email.txt', {'username':request.user.username})
    send_mail(
        email_title,
        ‘’,
        '<youremail@email.com>',
        [recipient,],
        html_message=email_content
    )

---

6. [Email template] 最後是建立一個email內容的template，registration/changepassword_email.txt：

{% autoescape off %}
Hi {{ username }}! 
Your password is successfully changed recently!
If this is you, please ignore this email.
Otherwise, you are strongly recommended to reset your password on our site.

Thank you.
xxx Team
{% endautoescape %}

Done!