сделал частично работающую смену пароля

templates/account/change-password.html

@@ -0,0 +1,25 @@
+{% extends 'account/register.html' %}
+{% load static %}
+
+{% block title %} Смена пароля {% endblock %}
+
+{% block header-title %} Смена пароля {{ target_user.login }} {% endblock %}
+
+{% block content %}
+<div id="form-wrapper">
+    <form method="POST">
+        {% csrf_token %}
+
+        {% for field in form %}
+        <div class="form-row">
+            {{ field.label_tag }} {{ field }}
+            {{ field.errors }}
+        </div>
+        {% endfor %}
+
+        <div class="form-row">
+            <input id="submit" type="submit" value="Подтвердить">
+        </div>
+    </form>
+</div>
+{% endblock %}

templates/account/list.html

@@ -44,7 +44,7 @@
         <tbody>
         {% for u in users %}
         <tr>
-            <td><a href="{% url 'account-view' %}?username={{ u.login }}"> {{ u.login }} </a></td>
+            <td><a href="{% url 'account-view' u.login %}"> {{ u.login }} </a></td>
             <td>{{ u.is_superuser }}</td>
             <td>{{ u.last_login }}</td>
             <td>{{ u.last_password_change }}</td>

templates/account/register.html

@@ -82,7 +82,7 @@
         {% endfor %}
 
         <div class="form-row">
-            <input id="submit" type="submit" value="Зарегистрировать">
+            <input id="submit" type="submit" value="{% block form-submit-text %}Зарегистрировать{% endblock %}">
         </div>
     </form>
 </div>

templates/account/view.html

@@ -14,11 +14,13 @@
 {% endblock %}
 
 {% block content %}
+<p><a href="{% url 'index' %}" class="value-good">Вернуться на главную</a></p>
+
 <p>Статус администратора: {{ view_user.is_superuser }}</p>
 <p>Последний вход: {{ view_user.last_login }}</p>
 <p>Последнее обновление пароля: {{ view_user.last_password_change }}
     {% if perms.users.change_user or view_user.login == user.login %}
-    (<a href="{% url 'change-password' %}">сменить</a>)
+    (<a href="{% url 'change-password' %}?username={{ view_user.login }}">сменить</a>)
     {% endif %}
 </p>
 <p>Зарегистрирован: {{ view_user.registered }}</p>
@@ -27,4 +29,5 @@
 <p><a href="{% url 'delete-account' view_user.login %}" class="value-bad">Удалить аккаунт</a></p>
 {% endif %}
 
+
 {% endblock %}

users/urls.py

@@ -18,12 +18,12 @@ from django.urls import path
 from . import views
 
 urlpatterns = [
-    path('', views.default_view, name='account'),
+    path('', views.view_account, name='account-view'),
     path('register', views.view_register, name='register'),
     path('login', views.view_login, name='login'),
     path('logout', views.view_logout, name='logout'),
     path('list', views.view_list, name='accounts-list'),
-    path('view', views.view_account, name='account-view'),
+    path('view/<str:username>', views.view_account, name='account-view'),
-    path('change-password', views.default_view, name='change-password'),
+    path('change-password', views.view_change_password, name='change-password'),
     path('delete/<str:username>', views.default_view, name='delete-account'),
 ]

users/views.py

@@ -1,9 +1,10 @@
 import os
 
+from django.contrib.auth.forms import PasswordChangeForm
 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404
 from django.shortcuts import render
 # from django.db.models import Manager
-from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
 from django.contrib.auth.decorators import login_required, permission_required
 from .models import User
 from .forms import UserRegisterForm
@@ -54,16 +55,17 @@ def view_login(request):
 
 
 @login_required
-def view_account(request):
+def view_account(request, username=None):
     view_user = request.user
-    if 'username' in request.GET:
+    if username is not None:
-        if request.user.has_perm('users.view_user'):
+        if username != view_user.login:
-            try:
+            if request.user.has_perm('users.view_user'):
-                view_user = User.objects.get_by_natural_key(request.GET['username'])
+                try:
-            except:
+                    view_user = User.objects.get_by_natural_key(username)
-                return Http404()
+                except:
-        else:
+                    return Http404()
-            raise PermissionError()
+            else:
+                raise PermissionError()
     return render(request, 'account/view.html', {'view_user': view_user})
 
 
@@ -78,6 +80,28 @@ def view_register(request):
     return render(request, 'account/register.html', {'form': form})
 
 
+@login_required
+def view_change_password(request):
+    user = request.user
+    if 'username' in request.GET:
+        if request.user.has_perm('users.change_user'):
+            try:
+                user = User.objects.get_by_natural_key(request.GET['username'])
+            except:
+                return Http404()
+        else:
+            raise PermissionError()
+
+    form = PasswordChangeForm(user=user, data=(request.POST or None))
+    if request.method == "POST":
+        if form.is_valid():
+            form.save()
+            update_session_auth_hash(request, form.user)
+            return HttpResponseRedirect('account')
+
+    return render(request, 'account/change-password.html', {'form': form, 'target_user': user})
+
+
 @login_required
 @permission_required(perm='users.view_user', raise_exception=True)
 def view_list(request):