Did you used AI to write this feature request?
Yes
Do you have any examples?
Yes. Here is the implementation from original Django admin template django/contrib/admin/templates/admin/auth/user/change_password.html:
<div class="submit-row">
{% if form.user.has_usable_password %}
<input type="submit" name="set-password" value="{% translate 'Change password' %}" class="default set-password">
<input type="submit" name="unset-password" value="{% translate 'Disable password-based authentication' %}" class="unset-password">
{% else %}
<input type="submit" name="set-password" value=
<img width="1182" height="762" alt="Image" src="https://github.com/user-attachments/assets/bea9f68e-34d9-4ce4-b7b3-d8b5b073054b" />
<img width="1192" height="844" alt="Image" src="https://github.com/user-attachments/assets/7f3a7ac3-2938-4354-bfd4-4687dea5bc69" />
"{% translate 'Enable password-based authentication' %}" class="default set-password">
{% endif %}
</div>And the use SetUnusablePasswordMixin from django/contrib/auth/forms.py
Is it a third party application feature request?
No
In case of third party application, when it was updated last time?
N/A
Describe your feature request
The django-unfold admin interface currently lacks the ability to disable password-based authentication for users, which is a standard feature in the original Django admin.
Current behavior:
When navigating to a user's password change page in django-unfold (/admin/auth/user/{id}/password/), there is only a single "Change password" button. Saving the form with an empty password is not allowed and does not set the password to an unusable state.
Missing functionality:
- When a user has a usable password, there should be an option to "Disable password-based authentication" which sets their password to unusable (prefixed with
! + 40 random characters as defined in django.contrib.auth.hashers)
- When a user has an unusable password, there should be an option to "Enable password-based authentication" which allows setting a new password
- Or it can allow an empty password to be entered and, if used, create an unusable password (make_password(None)).
Why this is needed:
This feature is essential for systems where users authenticate through external identity providers (SSO, LDAP, OAuth, SAML, etc.). Administrators need to be able to:
- Remove local password access for users who should only authenticate via external systems
- Re-enable password access if external authentication is temporarily unavailable or for fallback scenarios
Current workaround:
Administrators must manually set unusable passwords via Django shell:
from django.contrib.auth import get_user_model
User = get_user_model()
user = User.objects.get(id=1)
user.set_unusable_password()
user.save()
This is not practical for production environments where non-developer admins need to manage users.
Additional context:
Django's UNUSABLE_PASSWORD_PREFIX implementation:
UNUSABLE_PASSWORD_PREFIX = "!" # This will never be a valid encoded hash
UNUSABLE_PASSWORD_SUFFIX_LENGTH = 40 # number of random chars to add
return UNUSABLE_PASSWORD_PREFIX + get_random_string(UNUSABLE_PASSWORD_SUFFIX_LENGTH)
The change should be made in the user password change template and the corresponding form/view handling to maintain feature parity with Django's built-in admin interface.
Environment:
Django version: 6.0.6
django-unfold version: 0.97.2
Python version: 3.13.13
Did you used AI to write this feature request?
Yes
Do you have any examples?
Yes. Here is the implementation from original Django admin template
django/contrib/admin/templates/admin/auth/user/change_password.html:And the use
SetUnusablePasswordMixinfromdjango/contrib/auth/forms.pyIs it a third party application feature request?
No
In case of third party application, when it was updated last time?
N/A
Describe your feature request
The django-unfold admin interface currently lacks the ability to disable password-based authentication for users, which is a standard feature in the original Django admin.
Current behavior:
When navigating to a user's password change page in django-unfold (
/admin/auth/user/{id}/password/), there is only a single "Change password" button. Saving the form with an empty password is not allowed and does not set the password to an unusable state.Missing functionality:
!+ 40 random characters as defined indjango.contrib.auth.hashers)Why this is needed:
This feature is essential for systems where users authenticate through external identity providers (SSO, LDAP, OAuth, SAML, etc.). Administrators need to be able to:
Current workaround:
Administrators must manually set unusable passwords via Django shell:
This is not practical for production environments where non-developer admins need to manage users.
Additional context:
Django's
UNUSABLE_PASSWORD_PREFIXimplementation:The change should be made in the user password change template and the corresponding form/view handling to maintain feature parity with Django's built-in admin interface.
Environment:
Django version: 6.0.6
django-unfold version: 0.97.2
Python version: 3.13.13