add change other user password ability to superusers

accounts/templates/profile.html

@@ -18,7 +18,7 @@
                 <div class="col-lg-12">
                     <h3 class="page-header">{% trans "Edit Profile" %}</h3>
                     {% if perms.accounts.change_password %}
-                        <a href="{% url 'change_password' %}" class="btn btn-primary">{% icon 'lock' %} {% trans "Change Password" %}</a>
+                        <a href="{% url 'change_password' %}" class="ml-3 btn btn-primary">{% icon 'lock' %} {% trans "Change Password" %}</a>
                     {% endif %}
                     <form method="post" action="" role="form" aria-label="Edit user info form">{% csrf_token %}
                         <div class="form-group">

admin/forms.py

@@ -1,5 +1,8 @@
 from django import forms
 from django.contrib.auth.models import Group, User
+from django.contrib.auth.forms import ReadOnlyPasswordHashField
+from django.urls import reverse_lazy
+from django.utils.text import format_lazy
 from django.utils.translation import ugettext_lazy as _
 
 from accounts.models import UserAttributes
@@ -68,6 +71,16 @@ class UserForm(forms.ModelForm):
             'is_superuser',
         ]
 
+    def __init__(self, *args, **kwargs):
+        super(UserForm, self).__init__(*args, **kwargs)
+        password = ReadOnlyPasswordHashField(label=_("Password"),
+            help_text=format_lazy(_("""Raw passwords are not stored, so there is no way to see
+                this user's password, but you can change the password
+                using <a href='{}'>this form</a>."""),
+                reverse_lazy('admin:user_update_password', args=[self.instance.id,]))
+        )
+        self.fields['Password'] = password
+
 
 class UserCreateForm(UserForm):
     password = forms.CharField(widget=forms.PasswordInput)

admin/urls.py

@@ -1,5 +1,4 @@
 from django.urls import path
-from django.contrib.auth.views import PasswordChangeView, PasswordChangeDoneView
 
 from . import views
 
@@ -10,6 +9,7 @@ urlpatterns = [
     path('groups/<int:pk>/delete/', views.group_delete, name='group_delete'),
     path('users/', views.user_list, name='user_list'),
     path('users/create/', views.user_create, name='user_create'),
+    path('users/<int:pk>/update_password/', views.user_update_password, name='user_update_password'),
     path('users/<int:pk>/update/', views.user_update, name='user_update'),
     path('users/<int:pk>/delete/', views.user_delete, name='user_delete'),
     path('users/<int:pk>/block/', views.user_block, name='user_block'),

admin/views.py

@@ -1,4 +1,7 @@
 from django.conf import settings
+from django.contrib import messages
+from django.contrib.auth import update_session_auth_hash
+from django.contrib.auth.forms import AdminPasswordChangeForm
 from django.contrib.auth.models import Group, User
 from django.core.paginator import Paginator
 from django.shortcuts import get_object_or_404, redirect, render
@@ -133,6 +136,29 @@ def user_update(request, pk):
         },
     )
 
+@superuser_only
+def user_update_password(request, pk):
+    user = get_object_or_404(User, pk=pk)
+    if request.method == 'POST':
+        form = AdminPasswordChangeForm(user, request.POST)
+        if form.is_valid():
+            user = form.save()
+            update_session_auth_hash(request, user)  # Important!
+            messages.success(request, _('User password changed: {}'.format(user.username)))
+            return redirect('admin:user_list')
+        else:
+            messages.error(request, _('Wrong Data Provided'))
+    else:
+        form = AdminPasswordChangeForm(user)
+
+    return render(
+        request,
+        'accounts/change_password_form.html',
+        {
+            'form': form,
+            'user': user.username
+        }
+    )
 
 @superuser_only
 def user_delete(request, pk):