django-authtools provides several Form classes that mimic the forms in django.contrib.auth.forms, but work better with USERNAME_FIELD and REQUIRED_FIELDS. These forms don’t require the authtools.models.User class in order to work, they should work with any User model that follows the User class contract.

class authtools.forms.UserCreationForm

Basically the same as django.contrib.auth, but respects USERNAME_FIELD and User.REQUIRED_FIELDS.

class authtools.forms.CaseInsensitiveUsernameFieldCreationForm

This is the same form as UserCreationForm, but with an added method, clean_username which lowercases the username before saving. It is recommended that you use this form if you choose to use either the CaseInsensitiveUsernameFieldModelBackend authentication backend class.


This form is also available sa CaseInsensitiveEmailUserCreationForm for backwards compatibility.

class authtools.forms.UserChangeForm

A normal ModelForm that adds a ReadOnlyPasswordHashField with the BetterReadOnlyPasswordHashWidget.

class authtools.forms.AdminUserChangeForm

Same as UserChangeForm, but adds a link to the admin change password form.

class authtools.forms.FriendlyPasswordResetForm

Basically the same as django.contrib.auth.forms.PasswordResetForm, but checks the email address against the database and gives a friendly error message.


This form leaks user email addresses. Please refer to the view friendly_password_reset().

It also provides a Widget class.

class authtools.forms.BetterReadOnlyPasswordHashWidget

This is basically the same as django’s ReadOnlyPasswordHashWidget, but it provides a less intimidating user interface. Whereas django’s Widget displays the password hash with it’s salt, BetterReadOnlyPasswordHashWidget simply presents a string of asterisks.