users can update their password in their profile

accounts/views.py

@@ -6,6 +6,7 @@ from django.contrib import messages
 from django.db.models import Q
 from django.core.exceptions import ObjectDoesNotExist
 from django.conf import settings
+from django.contrib.auth.forms import PasswordChangeForm
 
 from django.http import Http404, HttpResponse, JsonResponse
 
@@ -21,13 +22,31 @@ from accounts.forms import *
 
 @login_required
 def profile(request):
-    form = ProfileForm(request.POST or None, instance=request.user)
-    if request.method == 'POST' and form.is_valid():
-        form.save()
-        messages.success(request, 'Profile updated successfully.')
-        return redirect('profile')
+    profileform = None
+    passwordform = None
+
+    if request.method == 'POST':
+        if 'update-profile' in request.POST:
+            profileform = ProfileForm(request.POST, instance=request.user)
+            if profileform.is_valid():
+                profileform.save()
+                messages.success(request, 'Profile updated successfully.')
+                return redirect('profile')
+        elif 'update-password' in request.POST and not settings.EXTERNAL_AUTH:
+            passwordform = PasswordChangeForm(user=request.user, data=request.POST)
+            if passwordform.is_valid():
+                passwordform.save()
+                messages.success(request, 'Password updated successfully.')
+                return redirect('profile')
+
+    if not profileform:
+        profileform = ProfileForm(None, instance=request.user)
+    if not passwordform and not settings.EXTERNAL_AUTH:
+        passwordform = PasswordChangeForm(None)
+
     return render(request, 'accounts/profile.html', {
-        'form': form,
+        'profileform': profileform,
+        'passwordform': passwordform,
     })