diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 35cc51d5b1a9ab8dcca4e6503d8c1818597d7081..a46793f6b4c4c58f3dfa65b749027a29bc0e1959 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -21,6 +21,7 @@ Added
* Allow configuring regex for allowed usernames
* [Dev] Support scheduled notifications.
* Implement StaticContentWidget
+* Allow to enable password change independently of password reset
Changed
~~~~~~~
diff --git a/aleksis/core/preferences.py b/aleksis/core/preferences.py
index 352d5480d179189ad1c92ffd9d44c69fb63732af..78b1874356a3a11eab121a56963c9aaf3595d872 100644
--- a/aleksis/core/preferences.py
+++ b/aleksis/core/preferences.py
@@ -271,6 +271,14 @@ class AllowPasswordChange(BooleanPreference):
verbose_name = _("Allow users to change their passwords")
+@site_preferences_registry.register
+class AllowPasswordReset(BooleanPreference):
+ section = auth
+ name = "allow_password_reset"
+ default = True
+ verbose_name = _("Allow users to reset their passwords")
+
+
@site_preferences_registry.register
class SignupEnabled(BooleanPreference):
section = auth
diff --git a/aleksis/core/templates/two_factor/core/login.html b/aleksis/core/templates/two_factor/core/login.html
index 819b209979796b358538d22dcf89cf07abec0cbf..77b135569d797181a45bd49d7fd7e9cded4e9a5c 100644
--- a/aleksis/core/templates/two_factor/core/login.html
+++ b/aleksis/core/templates/two_factor/core/login.html
@@ -95,7 +95,7 @@
{% trans "Login" %}
<i class="material-icons right">send</i>
</button>
- {% if request.site.preferences.auth__allow_password_change and wizard.steps.current == "auth" %}
+ {% if request.site.preferences.auth__allow_password_reset and wizard.steps.current == "auth" %}
<a href="{% url "account_reset_password" %}" class="btn-flat right waves-effect waves-red">
{% trans "Reset password" %}
</a>
diff --git a/aleksis/core/urls.py b/aleksis/core/urls.py
index c91bae7f29c978d30e96361f92213eec7c5679d1..0795dfa93f3aaf106abe7db43a3af2371b566b10 100644
--- a/aleksis/core/urls.py
+++ b/aleksis/core/urls.py
@@ -30,6 +30,11 @@ urlpatterns = [
views.CustomPasswordChangeView.as_view(),
name="account_change_password",
),
+ path(
+ "accounts/password/reset/",
+ views.CustomPasswordResetView.as_view(),
+ name="account_reset_password",
+ ),
path("accounts/", include("allauth.urls")),
path("invitations/send-invite", views.InvitePerson.as_view(), name="invite_person"),
path(
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index 00c95c47d139f28a6be7ca761580b96d98b9da40..789410c80f0eaf8aa8d7c7302f701e08e1432276 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -36,7 +36,7 @@ from django.views.generic.list import ListView
import reversion
from allauth.account.utils import _has_verified_for_login, send_email_confirmation
-from allauth.account.views import PasswordChangeView, SignupView
+from allauth.account.views import PasswordChangeView, SignupView, PasswordResetView
from allauth.socialaccount.adapter import get_adapter
from allauth.socialaccount.models import SocialAccount
from celery_progress.views import get_progress
@@ -1369,6 +1369,20 @@ class CustomPasswordChangeView(PermissionRequiredMixin, PasswordChangeView):
super().__init__(*args, **kwargs)
+class CustomPasswordResetView(PermissionRequiredMixin, PasswordResetView):
+ """Custom password reset view to allow to disable resetting of password."""
+
+ permission_required = "core.can_reset_password"
+
+ def __init__(self, *args, **kwargs):
+ if get_site_preferences()["auth__allow_password_reset"]:
+ self.template_name = "account/password_reset.html"
+ else:
+ self.template_name = "account/password_change_disabled.html"
+
+ super().__init__(*args, **kwargs)
+
+
class SocialAccountDeleteView(DeleteView):
"""Custom view to delete django-allauth social account."""