id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36541	Using the `string_if_invalid` template configuration breaks the password reset button in the `UserAdmin`	Drew Winstel		"Steps to replicate:

1. Create any basic app (polls is fine) and add `path(""admin/"", admin.site.urls)` to your urlconf.
2. Set this template configuration in your settings.py:
{{{
TEMPLATES = [
    {
        ""BACKEND"": ""django.template.backends.django.DjangoTemplates"",
        ""OPTIONS"": {
            ""string_if_invalid"": ""INVALID EXPRESSION: %s"",
        },
    },
]
}}}
3. Navigate to the user detail view in the admin for any user
4. Observe that the Reset password button renders to HTML as `<a class=""button"" href=""INVALID EXPRESSION: password_url"">Reset password</a>` which returns a 404 if you click on the button

This is because the default [https://github.com/django/django/blob/stable/5.2.x/django/contrib/auth/templates/auth/widgets/read_only_password_hash.html#L7 template for the password reset button] looks for the `password_url` template context, which isn't set at all by default. However, when you have `string_if_invalid` set, `password_url` resolves to the fallback string, preventing the `default` filter from returning the correct value.

There are two workarounds:
1. Find a way to inject a `password_url` into your context that gets set in the context
2. Override the `read_only_password_hash.html` template locally to hard-code the link to point to `../password/`

"	Cleanup/optimization	closed	contrib.auth	5.2	Normal	worksforme			Unreviewed	0	0	0	0	0	0