How can I verify the old user password in forms.py - Django


I have a page where the user can change their account password. I made a form for password validation, but I don't know how I can check if the password in the field "old_password" is the real old password.

class ChangePasswordForm(forms.ModelForm):
    """Collect the current password plus a new password typed twice.

    NOTE(review): ``password_old`` is only collected here; no clean method in
    this class compares it with the password stored for ``self.instance``,
    and nothing in this class writes the new password to the user.
    """

    password_old = forms.CharField(
        label="",
        widget=forms.PasswordInput(attrs={'placeholder': 'Type current password'}),
    )
    password1 = forms.CharField(
        label="",
        widget=forms.PasswordInput(attrs={'placeholder': 'Type a new password'}),
    )
    password2 = forms.CharField(
        label="",
        widget=forms.PasswordInput(attrs={'placeholder': 'Confirm password'}),
    )

    class Meta:
        model = Users
        # All three names refer to the form-level fields declared above.
        fields = ('password_old', 'password1', 'password2',)

    def clean_password1(self):
        """Run the password validators on the new password.

        A validation failure is attached to the ``password1`` field; the
        submitted value is returned either way.
        """
        candidate = self.cleaned_data.get('password1')
        try:
            # The instance is handed over as the user argument.
            validate_password(candidate, self.instance)
        except forms.ValidationError as exc:
            self.add_error('password1', exc)
        return candidate

    def clean_password2(self):
        """Reject the form when both new-password entries are set but differ."""
        first = self.cleaned_data.get("password1")
        second = self.cleaned_data.get("password2")
        # Only compare when both values are present and non-empty.
        if first and second:
            if first != second:
                raise forms.ValidationError("Passwords didn't match")
        return second

There are 1 answers

willeM_ Van Onsem On

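If the Users model subclasses AbstractBaseUser correctly, you can use its .check_password(…) method [Django-doc] to compare the submitted value with the stored hash. The new password then has to go through .set_password(…), so that it is hashed before the user is saved: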

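class ChangePasswordForm(forms.ModelForm):
    """Change the password of ``self.instance`` after re-checking the current one.

    Construct the form with ``instance=<the authenticated user>``; every check
    below is made against that instance. ``save()`` stores the new password
    through ``set_password()``, so only the hash is ever written.

    After a password change Django's session verification can log the user
    out; a view that wants to keep the current session calls
    ``django.contrib.auth.update_session_auth_hash(request, user)`` after
    ``save()``.
    """

    password_old = forms.CharField(
        label='',
        widget=forms.PasswordInput(attrs={'placeholder':'Type current password'})
    )
    password1 = forms.CharField(
        label='',
        widget=forms.PasswordInput(attrs={'placeholder':'Type a new password'})
    )
    password2 = forms.CharField(
        label='',
        widget=forms.PasswordInput(attrs={'placeholder':'Confirm password'})
    )

    class Meta:
        model = Users
        # No model column is exposed. Listing 'password' here would add a
        # fourth, plain-text input initialised from the instance (the stored
        # hash) and would let super().save() write the raw submitted value.
        fields = ()

    def clean_password_old(self):
        """Require the submitted current password to match the stored hash."""
        password_old = self.cleaned_data.get('password_old')
        if not self.instance.check_password(password_old):
            # Raising (rather than add_error + return) keeps the rejected
            # value out of cleaned_data.
            raise forms.ValidationError('Password did not match')
        return password_old

    def clean_password1(self):
        """Apply the project's configured password validators to the new password."""
        # Local import so the snippet works without touching the module's imports.
        from django.contrib.auth.password_validation import validate_password

        password1 = self.cleaned_data.get('password1')
        # Raises ValidationError, which the form machinery attaches to password1.
        validate_password(password1, self.instance)
        return password1

    def clean_password2(self):
        """Reject the form when the two new-password entries differ."""
        # Compare against password1: the form has no 'password' field.
        password1 = self.cleaned_data.get('password1')
        password2 = self.cleaned_data.get('password2')
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError("Passwords didn't match")
        return password2

    def save(self, commit=True):
        """Hash the new password onto the instance and optionally persist it.

        Args:
            commit: when true, the instance is saved after the hash is set.

        Returns:
            The user instance carrying the new password hash.
        """
        # commit=False: the password must be hashed before anything reaches
        # the database, so the actual write happens below.
        user = super().save(commit=False)
        user.set_password(self.cleaned_data['password1'])
        if commit:
            user.save()
        return user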