enforce password change if password is changeme

routes/rooms.py

@@ -3,11 +3,13 @@ from flask_login import login_required, current_user
 from models import db, Room, User, RoomMemberPermission, RoomFile
 from forms import RoomForm
 from routes.room_files import user_has_permission
+from routes.auth import require_password_change
 
 rooms_bp = Blueprint('rooms', __name__, url_prefix='/rooms')
 
 @rooms_bp.route('/')
 @login_required
+@require_password_change
 def rooms():
     search = request.args.get('search', '').strip()
     if current_user.is_admin:
@@ -27,6 +29,7 @@ def rooms():
 
 @rooms_bp.route('/create', methods=['GET', 'POST'])
 @login_required
+@require_password_change
 def create_room():
     form = RoomForm()
     if form.validate_on_submit():
@@ -56,6 +59,7 @@ def create_room():
 
 @rooms_bp.route('/<int:room_id>')
 @login_required
+@require_password_change
 def room(room_id):
     room = Room.query.get_or_404(room_id)
     # Admins always have access
@@ -74,6 +78,7 @@ def room(room_id):
 
 @rooms_bp.route('/<int:room_id>/members')
 @login_required
+@require_password_change
 def room_members(room_id):
     room = Room.query.get_or_404(room_id)
     # Admins always have access
@@ -91,6 +96,7 @@ def room_members(room_id):
 
 @rooms_bp.route('/<int:room_id>/members/add', methods=['POST'])
 @login_required
+@require_password_change
 def add_member(room_id):
     room = Room.query.get_or_404(room_id)
     # Membership check using RoomMemberPermission
@@ -121,6 +127,7 @@ def add_member(room_id):
 
 @rooms_bp.route('/<int:room_id>/members/<int:user_id>/remove', methods=['POST'])
 @login_required
+@require_password_change
 def remove_member(room_id, user_id):
     room = Room.query.get_or_404(room_id)
     # Membership check using RoomMemberPermission