Hi,
In Django 2.0, the help_text for the password field of django.contrib.auth.forms.UserChangeForm looks like this:
help_text=_(
"Raw passwords are not stored, so there is no way to see this "
"user's password, but you can change the password using "
"<a href=\"{}\">this form</a>."
),
where the curly brackets are dealt with i nthe __init__() like this:
self.fields['password'].help_text = self.fields['password'].help_text.format('../password/')
As far as I can see, this works just fine when the form is used as-is when logging in to the admin site. However, the hardcoded path "../password/" breaks in other contexts. In such other places, I see that doing this resolves the issue that ../password does not point to the right place:
from ... import reverse
self.fields['password'].help_text = self.fields['password'].help_text.format(reverse('password_change'))
I have checked, and my /usr/local/lib/python3.6/dist-packages/django/contrib/auth/urls.py does use the name implied here, so as far as I can see, it ought to be a safe fix. However, I am not familiar enough with Django to be sure of that (or indeed if this use case constitutes a bug), so am posting here for advice before opening a defect. Please advise if a defect is warranted/desired.
Thanks, Shaheed