Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).
def update(obj, kwargs):
"""
Update obj attributes with values from kwargs
"""
for k,v in kwargs.items():
if hasattr(obj,k):
setattr(obj,k,v)