better password management

models.py

@@ -22,7 +22,7 @@ conversation_members = db.Table('conversation_members',
 class User(UserMixin, db.Model):
     id = db.Column(db.Integer, primary_key=True)
     username = db.Column(db.String(150), unique=True, nullable=False)
-    last_name = db.Column(db.String(150), nullable=False, default='(You)')
+    last_name = db.Column(db.String(150), nullable=False, default='--')
     email = db.Column(db.String(150), unique=True, nullable=False)
     password_hash = db.Column(db.String(256))
     is_admin = db.Column(db.Boolean, default=False)
@@ -363,4 +363,22 @@ class Mail(db.Model):
     notif = db.relationship('Notif', backref='mails')
 
     def __repr__(self):
-        return f'<Mail to {self.recipient} status={self.status}>' 
+        return f'<Mail to {self.recipient} status={self.status}>'
+
+class PasswordSetupToken(db.Model):
+    __tablename__ = 'password_setup_tokens'
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    token = db.Column(db.String(100), unique=True, nullable=False)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    expires_at = db.Column(db.DateTime, nullable=False)
+    used = db.Column(db.Boolean, default=False)
+    
+    # Relationships
+    user = db.relationship('User', backref='password_setup_tokens')
+
+    def is_valid(self):
+        return not self.used and datetime.utcnow() < self.expires_at
+
+    def __repr__(self):
+        return f'<PasswordSetupToken {self.token}>'