diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
index b03489c7d20..1011671fe6f 100644
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -193,6 +193,23 @@ class ChangePasswordTest(AuthViewsTestCase):
         self.fail_login()
         self.login(password='password1')
 
+    def test_password_change_done_succeeds(self):
+        self.login()
+        response = self.client.post('/password_change/', {
+            'old_password': 'password',
+            'new_password1': 'password1',
+            'new_password2': 'password1',
+            }
+        )
+        self.assertEqual(response.status_code, 302)
+        self.assertTrue(response['Location'].endswith('/password_change/done/'))
+
+    def test_password_change_done_fails(self):
+        response = self.client.get('/password_change/done/')
+        self.assertEqual(response.status_code, 302)
+        self.assertTrue(response['Location'].endswith('/login/?next=/password_change/done/'))
+
+
 class LoginTest(AuthViewsTestCase):
 
     def test_current_site_in_context_after_login(self):
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 82759e9e4f4..c86ef535954 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -257,6 +257,7 @@ def password_change(request,
     return TemplateResponse(request, template_name, context,
                             current_app=current_app)
 
+@login_required
 def password_change_done(request,
                          template_name='registration/password_change_done.html',
                          current_app=None, extra_context=None):