Great questions! Let's break them down one by one:

Absolutely! The built-in password reset views do work with custom user models that inherit from AbstractBaseUser—but you need to make sure your custom model meets a few key requirements:

• Your custom user must have an email field (or another field you want to use for password resets) and properly configure USERNAME_FIELD or EMAIL_FIELD. Most commonly, developers set USERNAME_FIELD = 'email' so the reset flow uses the user's email directly.
• Ensure your user model implements required methods from AbstractBaseUser, like get_email_field_name() (this is often handled automatically if you set EMAIL_FIELD in your model).
• Don’t forget to add AUTH_USER_MODEL = 'yourapp.YourCustomUser' to your settings.py—this tells Django to use your custom user everywhere, including the password reset views.

Here’s a quick snippet of a valid custom user model:

from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, PermissionsMixin
from django.db import models

class CustomUserManager(BaseUserManager):
    def create_user(self, email, password=None, **extra_fields):
        if not email:
            raise ValueError('The Email field must be set')
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        user.set_password(password)
        user.save(using=self._db)
        return user

class CustomUser(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(unique=True)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    objects = CustomUserManager()

    def get_email_field_name(self):
        return 'email'

To use the built-in reset views, add them to your urls.py like this:

from django.contrib.auth import views as auth_views

urlpatterns = [
    # ... other URLs
    path('password-reset/', auth_views.PasswordResetView.as_view(), name='password_reset'),
    path('password-reset/done/', auth_views.PasswordResetDoneView.as_view(), name='password_reset_done'),
    path('reset/<uidb64>/<token>/', auth_views.PasswordResetConfirmView.as_view(), name='password_reset_confirm'),
    path('reset/done/', auth_views.PasswordResetCompleteView.as_view(), name='password_reset_complete'),
]

Just make sure you’ve configured your email backend in settings.py so Django can send reset emails!

Short answer: No, you don’t have to—unless your use case needs functionality the built-in views don’t support.

The built-in views are highly customizable without rewriting them from scratch. Here are common tweaks you can make instead:

• Use custom templates: Pass template_name to as_view() to use your own HTML (e.g., PasswordResetView.as_view(template_name='accounts/password_reset.html')).
• Modify the form: Create a custom form inheriting from PasswordResetForm and pass it via the form_class parameter if you need extra validation or field changes.
• Adjust redirects: Set success_url to point to your custom success page.
• Customize emails: Use email_template_name to override the default reset email content, or override the form’s send_mail method for more control.

You only need a custom password reset view if you have unique requirements like:

• Resetting passwords via SMS instead of email
• Adding complex permission checks before allowing a reset
• Integrating with an external auth system
• Customizing token generation logic beyond Django’s default

For most standard use cases, tweaking the built-in views is faster and less error-prone than building from scratch.

内容的提问来源于stack exchange，提问作者Ahmed Mekky