From 905a056c87fd02547ffb24aa0d28540833c5f124 Mon Sep 17 00:00:00 2001
From: Kobe <kobeamerijckx@outlook.com>
Date: Wed, 4 Jun 2025 14:21:12 +0200
Subject: [PATCH] Better password security for new users

---
 __pycache__/models.cpython-313.pyc            | Bin 29344 -> 30144 bytes
 app.py                                        |   2 +
 models.py                                     |  56 ++++----
 routes/__pycache__/auth.cpython-313.pyc       | Bin 13624 -> 14393 bytes
 routes/__pycache__/contacts.cpython-313.pyc   | Bin 24668 -> 24668 bytes
 routes/__pycache__/main.cpython-313.pyc       | Bin 78708 -> 78726 bytes
 routes/auth.py                                |  23 ++-
 routes/main.py                                |   2 +-
 templates/auth/setup_password.html            | 133 ++++++++++++++----
 templates/settings/tabs/email_templates.html  |   4 +-
 .../__pycache__/notification.cpython-313.pyc  | Bin 14811 -> 14995 bytes
 utils/notification.py                         |   3 +
 12 files changed, 166 insertions(+), 57 deletions(-)

diff --git a/__pycache__/models.cpython-313.pyc b/__pycache__/models.cpython-313.pyc
index 7cefa31d72d69ca6fda084a41f565addb65c7702..ca58e881759f4f853175b0c5091e973dc6eec0f3 100644
GIT binary patch
delta 7791
zcmbVR3vg5CmG+e-zhv2xEbHZmWCO+mY=ezyYz)Tu0T}bV3Q!O>vLwqgvSj`%LwU4z
znwca`CxLL%CEb}cq|GdZ-3Bt=mQM3nvO7B^oo*vF-PU`jvrRganPtgrAdqA>n;G_;
z|H`&x%V`@;^6|g!fB$>Vcg}y#@x>2>8@Gj`dpcb~7XF66wrTjKu2+jxIl`M$hMXT|
zJ4I7VHY*oP?OCisG$U4u7DR_=WzL|@WryG7Kh^NL(Hjo0a{2?|KrB!fWn;tM$jd6Z
zXwd6BIxrR;8xMP90ZGpFc_p9MAAn;8uL~=oUK^;a!<V{LEC>H#^#lzFk_y4;WR38u
zwpOSISz9SILtSqtv=!P4SJMiCR^S3}VY#pdzExP6*Nh`Bfz`uHh5gp`*pc(YUMV&Z
z@s0*$O<>d;3ge_*_mZ{=C)w8sHo)7u3L8Di8VSrZKn-bd>Vd9HSTdbgIc=$!)-S!A
ztG4FE)uxXN1<l5fa|BI?@Cl-eHN%nON@3~LM6oF3i1}hciwb0YRkqfnhI8d6I8v^L
zjfR{8kD);ji&35?xYKUaXg#IL1(8j8))tjmf>UOXu{ujMiKU`WG-KaFORFrieXD3i
z@!Lcjvj^?2GFiPh8Xdj07M?XYo8{cj4zaVNtNUd^&WlDAb?}dpbv_nA9ry<rE|*v>
ze&5RiTZ#X`O+&lMM;~5;AggHsbJ0YraqpT|Y~XHck|Jxv&Wz--$u=O!Iyyl8zyJ%3
zv4MdOc*9uf<q|!BvpZd7teuu_BIqF4Ops5|Nzg^mP0&LSCD?-?YyAPq$3kPVP&C4}
z({L_9AHfc2D{<->of=6+UlwId3*nO5S~?TkPeAWybGki9U4pgvzjPPw_SoTx&HGw!
z+7ipfc)u@U@K5&M$;m1<oQ*yieQxOT;MI{UBR_M*_YNiMgLksBz9DQ@;XfyYPSxG4
ztl};e^qRIi`3q=UI?U`ZFWI^`0>AF>gx#e!FqD41K+F~MP|s>n18<Eq=3oQK0<V-d
zY4UmN>_G>-H&T*^9b!>7tXW<`0|he!tQhXr)Dy?(!8PK%<u5ABn`f6BJtfE{tyn1P
zT2#!$dqrX~@0E&rW)2!$My~i<-B4#))x{3u$yq-_4_ih}ZW8;jg>+d#16+>Bsii2`
zvOvM`jKyl7Q!b;mg#>znZSXIaf!d?g%%mnFAwLjtLiz%FtsAvBLW!lj<Nbq)A|ITy
zUa#UZr-hkiZdb!Q{Q-DTbpU1Oocg<(Zh@O$Gr1M~F(V4G41Qj_LQ{-VG4q~KZst8J
zJhOKV{9wck8w|M+E<dEvdo+6=g7-&C4F=JOHmdR%(TvG0R=_Lewv_qO<h(68UrF=%
zX3-*|bu$O`+VrALw2Ni<v{NicORf?tSaq<{<zQhv+ATMNoKH45Fcb<0+^mQWtV8Hw
z9ynHE&ruWvk5^RIlNB>B!61TcR199RasIfZXzK(mISp@D)CeKCQ}OhsRvd6;b7Pa$
zv6Eu~Sv}^B4QDoR0~vS^9%k0agYaf$qdUdOmn`4_z3~h|CQF}V#GK8arNvJ}m!q~K
z-PmRA_*giKw}yYf8$<Sd$AR~S53V{aEkq)@K#F-8!`Z=;+#zLT70H$hnB*&6fd`Ho
zc{g2&TKBughvCPo%HTa`Z65ao?;6}tR8_I(GP`=}%Bgs3Z`?hcXb7R<pAx#s{!a=$
zWdHgts>!X>Mfy}{5pUTM-+wewAI4?h6t>XnGs0HxEw-tkuc}UAE*&N_bD5B2Ze4+x
zBj%#3Kv#gS!hvL71y>vL)qLPw^|o9sGOF04IWJgtqH&98)GgU-1!fTSNGhXfU?oAL
zt3)n-SPC#vkr3(d)(A=BNrWV|4Af6CdJn8$(x!@JL2u9l|GuQAnsY^^*zOCoc)=|I
z6-z6G<FI~dZ7L^BUx5>P+MmB9g#&PXY2)H<{dszXfIdw68!#+uO8SdKM-oL|IA%4&
z;IbY?^0Y2Z^2AR1-HT`cl|Ez6OXTH}s_3Rp^(t0a<Fe)JMf4e{DLeHvCFD8C3+U*6
zH=}wj_*{8%&Z5jsSX1UIL>sEJQnWKiu*_91Yu(H%4F~*Ol_&Awa$!sv$>1(<npG1#
zPEby;gdknz%t2%1)ny&+rNiwN=YbyI2fuPTOL(}z9nH%s=BMR8_{8;m`%~CFmFsd2
zvFNCir8pJ#G~X`DLcvhP8y?8)Tp+Q+COiqZSFD>z@g>f$z#D$M%=waQbVND=dxqdV
z0T4V(kU}l$eh<OTE>QD10=l{xc@`dCu<ujrZwWRKWV*60(F6f0M0y-U)5o%=P1RuV
zSzz@t2W)U!VZ*ACREN``O$j^T5nm}xhH~J+s`3Lj8{cXDWovw21f9o8VFx*nK4B;K
zIJ;6k&b8iaZ8weY*neq{yN}}9<3cYj>J_$gf77R$-13Q9(6|L91iA#9I&D+^btlxq
zQ&YcN(<}&eP}sCZXaslDD&Ylqq^WmZiV_?dm5|Ao_kghWHDM3Dv3BL|bjivE<70jv
zb9!U4)`!8kG#ZEvNB!)r#UwdJ69mL8=?py3*{Ak44+%N^XjA+fe!tEqST5sy(t%ZB
zvxnIb+4ZSC4=ooAKgYJ5kJo1`!01+Z4ZhQ|uKJ&7#WX<$&F4yiSS%C?N^0ym@rTL8
z`z<SkSEdSEZK{di<EX2M(N^p~2wp>w3qn#Tg7;0thc~7_<crDba7c<VnI<*<@zF7f
z{ejxqIH+8GuhYYC5WI=tQnR^p&`S14gp@O2PtKPD@KW27oS)Iu1Q=Rt;9lF|IU8X-
zY0B(hGpdN*!@qnFwfJk(RmBoC@f(8o2>y#;9@UE*Y4Eo*a2ft{!&wX03yr0FRd{>L
zQTS-%-LIMqQIO1&AxeIBrX)i=_rw&4*(mpv3p=Bc;{hglDM`5X3p_^}DLiyo?%oX4
zI!w?HKiTB$o)<akd@1`#Y={;H2|@^R?v8*Yd4mDDFm)Mo@r?99hkjivEsYSgAuPy{
zN>fic8$`VeKj^5OQ|eBa{V%sUdev;E#EwySo<euf7>~0gYH_DVI$|*bBf&UAlbkoI
ze4Mnnf4fbq2}r=wpJp<r^(ihaL*^83*&RO^Nz_NtIc-w)QZO_z>zv@h=JiVIMEj<Z
zhmK0Wduo^{9*1{2Kb~RH+g()}p31;ST@~3ybIElfW;A-Fi~(<26C}E96BwuC7{%zN
zymVm}&CC+CxUB3W-1^q<5EQ0hRE=$gBqnO5FonAO+wW29Gy%_s=E(E+I3^pC^yrAi
zyuRVlKqMv?<R+z>B+2b=Z4;3M>k~ZH%}5h{a-Ug-{0Uq=X$-Oc#SGa)2g^me#_%|c
zbEAa5Nl(BDf+|Yhddul~trx#&wem?{LJyKC7b{6s`W4dS^dTi<;}O{87EG#5<_qoT
z+b?dsu_95jW3q2rt2^8NWczdLE;n9nz0!JZB;MPfSUHf;9+~W#HkvLpoNtI%H{S@w
zzdo8UMkcq@O;)2^WFPTMAhD%P)$u95@74zhiYiYPB!yld@+Z|w(N8D~(>_MGgra4B
z-2bEQX*A#iWnW^vaIx1R+=UyxX<AsA@X}_P9530QJaejnkUyowah9H$3sJUHH<zG~
zfLkwD$!FBvkcG#e?~l1VCJ``#58zwd|5dprKZR|5*M<92!j3Nl>j9kG=~|edO_lEY
zLa3bQ;`x>;0k<T$4-I>Mq8KT4GaKncSl_se*@+p#2Q4#(`u^Tsf)=Y2qwsWXK3o#l
zgP3oG`=VVaf?bDfOI0cMY7vbX;abHKbm=BnsjTTfj+6~Kpx$lObK6X@Na%B0wJGL@
z$?OUEgWE2&!e{R4Wf{$?h;KM+RI6a)!_EEt-cn?f+3lVo!DiAak21HAj7YnR@yyfS
zR!BU&x{-TZvZKWvYX@yZ;K2W-1k~@_K9jo)B#Mr}Bm0INih&Hrw|WvQ4=1$!lU-yC
z`;%c^2YkNICp19+{#TQ#E?VFtVEKVpGirJly`G=}K0UBW(KL0_G)*#~-@V~fO;bS%
ztDKaiV)=^F(=-Bn_u#H<EtapS9`*S_s|MSwgr`S=p_21u`LOelT~p{Oq>N|Crc=^a
z75eaOW+jI76?$}7L&0PgM{JxSc4SDI!jPTOSZFBJjwh9KBGi_Ww|*xMB`rUdH1R_f
zDWv%^{Li6_O+C0YnX$+Pe3JpHgDCpkN|Ou71aEmtgdIp93w-EF^9bb&WR3z`y!^o_
zG)(W9r4Yq@Sg&Q|B<8b;7H-20u{0a-`dKgaw+ovQxrdnLnVh5Su{hs+^e6$zPWqJi
zR+r|fr}f4Q`RDVWtA1g{_g7pTyfpg5(QDgo<|k_Q#t(ZF`ayW8->q-_Me9Ge-i*eB
zrxTrL654OVx&BIpJhXKhdFX)jyZ6M@ulqm4+BmO6!oMBauPMT++G?t*t;V~XZf=hW
zHE!hkE<ulA7fq<|QkPlQbyMx$9T**>zaoTo!)|YtgL{Ub;?{~&zfP@Goj>NSPSN=w
z57j>O8YaHP+v66pIqhAuPNSdXRf-EHv!)Hsi>6Dq7i|}{m)FFL>*9HJ%EhF3lRra+
ziA9Uvn2?MQjs$!$rTVQNjQUT`rvkqg67;E@I6Sf=W-yUpjtxA<%b2e65GR6P!w7cM
zXJrXc;QNQPeDqCURije=j<@WMd&Uy=$1pV5tm>m6u0zF>(&C-T46|PO{D=S@oz^L%
z|6Nt37x$Glq_r8#wBiAimibf24zAboGf?=1rG#xkh7SDopl#^_o5KaNZU=5OtBPar
zzd=`O*!*WCo>AbZNCFh6b78X>wN4Yvvpo_xWr~p))gDRcvNnc9gcpZvmt+($ebI5+
ziNHJc;jmdyN>9|!Y#aZ*NYSsE3Vu0aHkSOf+{s3cmViaH2!*igXp;sjgZO7A#lxDi
z^Ta}U?Px`|&ZB`FDpM;~{Z+guNM03d+@b+(YW`ho+>JT;i74}nf!O$%J9;z_3B^Dg
zUbZ@|B1qp<MZlA6o==&nn|cxVg`aJx!$Fr?R*y>o|6DL57X-dB7GeR3M3|~zC>~uQ
zOhW7Es^lN{u8f);N|Y>XVsx0a<@Cl4@W)Z7@aXwSn*04LZ}3^CtAu0UC2eKUJEKAl
zcf9N|YR#D!UFz%D6EwIe2Ogza0^*kR7Cu2Wp_R#+kZI<c=Os!Z8mv(Q;rKdUKwcS6
zXh$czKE{i_oBxS%tzu)3!ndQ}w#c}dtZ{n>!+{iXGbkIgPaGsE)e!KC_w&@cL@-70
zTY}pJJP78&BM<j@Ai~1|a^c)JC@kimL7q)HKqI!~ytdJ(e>@!6$i9b*@xLtTHsYOZ
kL4bc8yJ0LBTu-!|8@w?5%<%mz?A&jgdhD24P*cqH|JArQ)&Kwi

delta 6921
zcmbVRd2kz78TZPPZAq4F*|IG8kY(qxY{zwC$F=MDigVO);xt+3tZYS=){YX%Qr@nU
zmX@(gm;#~DCLc!&QwX#}8itvs6;O_L$N+!%51<lhN@qC=4A5o*B(yM)nNaw?w?1TB
zE<<;sU*5Ivz5RaQ^`5WX5H9>tu)b@tn6mIG*wAzA?cNuxx*Xx<ge~WpY<IhkRfzVo
zELJI&Ai6~dVwG6RJmXHU3tlsRs_2rST1NxH6aIKCJ{bupk_=CnUKZBDZnNaB$638P
zmV^JX27>hnvJS!HVNH-U*9vuT+w2yaVZ*LIxIf>O-$)|_8i50*^DBh)@N~XAuNhms
z0&9RD<&QYqv7#Cy0a@`+1fr5^kfMQb1UuU;&zd)2C)-5O0dHF>%jiwkMBtbMD#$+J
zyxo;(v(^cn$<_DFw5Ce;CH3}q^n#)5ogBf?EBph|%lPZ`LJ)uRk8!s2Zk`T)+xQGT
zv9lPaHyYumJper$^Wfiw)dfb;<g?u+i01ZeR_xP5lTd0f`s`S`qO-%7dQDET0J|K%
zqM9tRP_&6fVlmcBwV~Da`4%S^zDsnlvhh-{Q`PT_#iG}n;F`^2=O3k7f=oiuhx`nC
zWT-3ZE*Qogvb6}Ro*E%wa#)#{>bb#y91Mgc_;As_4Q<$h6zWNi>>jMl$sUWWgN9pZ
zwMM_6Npa@)cb+eH2e?cQVCSH>oORO3E`n}?9s&{%>m}Gi&_}S9AVRPQK{baYImp6s
zB^;Yz{nVUGu#;c_riwj<xKaA57-ME?9ERtMYinssY(D|5ud&0)Jw#Oks>#>jKgDtP
z)pgx7Yf`rRrgz@T$ttit9y=R*a_qU-%#oR0DeGalWFN@kpK=Jg+FU{eZjSZA^Cd2b
zmmJR9L^_BMyjs$poh#<So6#z$bJ&f!BG!;63p`R%zNp2ztfgRCOW|CLfzJa~!+h43
zxmk;R#i$LaI;b`}X6Lnh(ZXvbqLn$u3%rG#*XzA-wzT2+cD4q0sp<9*m1+sNG-N7i
zG?iweNwxU>N?<f15&1~)64qk$dOkrR!47C}`fDXBW|BXt8s8VuF5iZPvn%iF>diB&
zQ`S9j$N7>b>9r(j-S4yE)|dphYSu$!+>!{bJ0rkIo)P|9J7}=rXFIr%PE<H}%?Z8U
zd#T?@jsqX&;{CTPS}j(wz*mGeR)~aDKy{r9TWmhpY)d7z7}2amJI?B+n#U@Zhz_w7
z$5)9?^kyE>#j3~4P?5tp_4WJUc4c|%5n81NLCs<nR9;13Bd8)Ef1p|?<B=HJQOG|Q
zjz}`|!HC;w=8{)vP%S*-UMmFQsRO5>s;bo6hK=5AZUU-ac`z=i`glM&w%qE#U**8}
zPE~CjO0%?@Ocb&QXr(2@adTT>Z^7_BNrTVAovPZ(#TKWU=f5SOAk)1b?`}13wvDN|
zAt@p$5@W=^YLb-z7DN8g2f2sHs177dF46n2AfJMlJy&wB*7jU2>V-S&%i+t_wK-^=
zS8YA;YIS9G@~-Zghi0Ow0^jt#Z&(X8LrperN$&F{_YSA5BhXp1Uelm3*C0hm*B}V3
zbE7sjKsUPJ%Vh?bUUjd*h?Ez=RILM!HtG9BvxsKYp4}oan`lMei^Kv}JYMLvsRjFG
ziHX`bZAT`rkI~*AMHpgMDiZJ8*%4@2y;(Q`Cs&{8;Z*80yZ9mv$>=$qOD3Loq6}Kr
z)TVQ5{{Y-_qvVUHaS4~#Y+Tt#K1Ew4pf8jGOlzCrrpF8eYY%I}eTobB$(7Ahut2AG
z7aC(8Jnr3%wO@NH4QPa7A^gW%X|Zu*)Z$n<{LbsDv-wKV80|c=Rq!}giE+%$<CuAf
z1>|E=hzorZo~v`4=M9gYfmB^_1-CXbDb=EAgEeEjBw#!+)q9MWbZmsaY8X1}pFaEv
zEPg20>ltIQsE4H)96QVBh_Uc^cp?z-XEr<<V^7=EJYkPQb3^M?nlV;=0K&K{T`<OP
z(6(t?>{A4vCU~6S34%0Esd^4!4+AQGh9HlC`{K`1>2m}thQ?>8mtYcq@(>2LN3-6r
z*T9=6>yiFdaCZIi1>3yKv=B961G?J1jTLptfncg2lxCZkcV6C{>_3{a2BvrX15>6U
zK?}vtkOC!s(|B4hd?In6d6OX2!(%NwgeG{cr9t>22%C1c{!cL)X}?Re2Y6)D_k}&s
z*;>DMv20Y+WIV)^pMav8gP0Y{QAs%#3$a&do=maodFmh_eUTsLiQvy$#{|s?o=<eO
zJuH+yi+!^Wpc;$YnG2C65~=oeg6-Q_R*mTQ(JPW4d<l#ltu^1L5w8(cQh%;2DN1-^
zT-IaFgAZo3fsQ)i>xsuYT)L^N*y^=1nu=W`cnLu@h2`)Bdf15|#)nWisHpl#SXS8U
z)M*G!M&mMjgUZ?1sCoYH(97Q?_#T2+&ldJUBiSzz()NHg)hJ7_x@%R=H>qn1&ULH>
zxodbq!x_)qGrOgX^w2u|%lA-;FT0o~_EYNk8Nsgz{y?yVoPs85OwPfxFw*^aHCGpE
z3*vA7p-s^9?!SZ&o`CDb0=U&%xiu~M=BFJ@xS4C*;Vo73`(hKPBqj$aO}+jjTyT*}
zaCgOhlnw6R;_30>08GZy-jUf+Y-0fe`T#X|w<ODfaY@ZjAI5mh8K+ZFy>)Z?qM93H
zCuo9YQ3e|O%7j;;zt6ou-JrKDqjOr3wg^qlX`7(Z650l+Ek+P0;Ev}cm5K=XDT86D
zS<Q=TA11Hth~A=C2uP6f4CUz63*IIzM^83xOYZk4hseRekGFPchWQqcPHzhd&$cmv
zAG03YUTvPsm5cD)w0FPVis^Gcrq7f|(y0rZ4q_9JQKAjgKD$_i;lD&I#$4L&Enzos
zFV}yLpfQVq9?M#qXQvWHf4*sUlS(|jc2MaeoZjKdSs)I6xx?JthCO&r?V|z9=)y*|
zaF+l1*zy~2-MfgsjJbNo9FIuDQ&Ma~ktURti7Tef6cTXu{!FEH^r|_aD1qRys5DWp
zybo<8AucA8lKcwNR(8HWfT6<#6a5wXds60B_(Fe$(0qPd2@JLw6W997b?$d?@b%vz
zXmb6KX;wcP!y!thth=0MKJh<k_FB~ZLsKNY6*L`t)UsL8_0H{DnHS<;uwO1gn9h2`
zw)(=*#lv4Yd|}|ZlgWY&$-E6(Y&wA5gWmU%?$nZ)Lt3xSZQCCXr5#~EiCt;IJCn_D
zS-(r;Rt(G}B1S-Bl3yml!qKBf`1<arHI07<b`QQJ+)5bs+!37G{#PwC?u2Xa9l^cC
zl{V4T@6Ew2XcoVvP5B-fkx+qW-RI!)(0Vc>y_hZL;`z2eH%Bz0g=lBgeftL?88t$r
z$p|m*-+1n(5&p7&l_y`+aock6EV>l4XeZC24cktk5{AoR@PM<5n-Dh~I-FjoTOWR$
z(vGPY@kn$|XoLELHES~3h?UPZPi`%+gPTTp9MELoS|$Tp-~oaay<DGwz1)v+OIX6#
zRxliDT2Dr?GFzQA13@|d<R3!s(E&Q)UQtrkUGU1GF?(Ce+%mnD(xHR1=}@NtgM&`E
z|L{)CgT8k7g;@@*%k~ekBQIp6aDWyisE4lmdvduD1_bDCa|(m$9P(q&Z=>!xPT^JG
z9>Iv$3wLKDrSQW3N;oy#YBBlp=|)P-N198)cEGj8<g;Llg||34r!M5QOyhJgri91B
z9k{%jGeKo}HvDyC)2yeo!RC=l;Sz*KF6`JsyX7u0TQ%_){B+ROoX=M3%*;1mXP)nV
z81QdO4``V$ncko85Un=PHzhn1A<Wg#ikDJP19u?vcu^(=LTo#)3wW)ixl8UTbF|l2
zRt`VCML@!m|3Jz?M=N(>(dUiljZfBmx$ddD3!@jKUyWYwzq+<-#-1u1obHDo94d#`
zkKV2CPMJlh47fFd{TjiM#LY2}01u7+;@mAG+GZ|AFMjp$P_U%|kF!2IQfI|hyh+5E
z<`N5$IGeXfwQQpc(IF`sryJSuF1Q`6F5yP`BB?mfSQ1pSL3^l1@bTN%OCj6c|HA`2
z7R@_P*b(?!Xi*6JAcRpGf+_Rl=y55iXm^DA(OBrgrF;$0zIigq+2vUY(bvxQQqMwy
zvZC8PPFxY}BCh_F1wWC#kvErzz?re?@?_(V<iSAlz-Y=E)DAd}S`0bPnMwS0?5fT^
zjBl$367-x^IB^5BR`DXd8SXIil`hh@{IKRY>*A)NQ;kdthT~!Mmue2C`pTr7*)A-*
zaq@X7N8#FWZ@O7jEOR5Y()*jmDf;#p!5$hMr_yPHC00RFrUT4`;twd?j#RUP`UD?7
zQM+nI$ugRWU^p>z!Xaqd%(%>SKU;cb(`CpOG2l?(F_<u0)56Ys(c&Cz&TZF0^>8!q
zD2A@EtJ#c!Cm)BEh!)iKrQxUOK0NoGj<Jv^DU<P`*a>MO9Ea@Knu=LMs_Aq25pMnl
z4>Pz!vCrI9k3C+!s-Kjl(849OYLXs^hnXbP_osU;D38|(55x9&!|Y!zz8!Z|abgA4
zpwPmLhSRbga3k&!rXc_1A}jen!`Qqt)AEpyt-u;PLmgxh>?2g-20>1YeH5$Sm0j2r
zjV2(akY9vfoYZcIBGxk4$aa<`>$jxLebZa%PbAy;Uq@OrqnLuPvX7L$j!US9A-Yda
zJG{rBLoS;-M9Z%w2oum16u*$*hj8t{_ZGF?AmCXMPhEJ#<q?p(S8h#Q#rRe!7tl69
z$&Q-0IT{O1Mx-uw4)>4$vg8|xx3UERUX!mBIR)>>+n*Ty{IPS#{+@-Ezqcg5rZ@yW
Hh1CB7WE5!-

diff --git a/app.py b/app.py
index 48d597b..fcdde20 100644
--- a/app.py
+++ b/app.py
@@ -29,6 +29,8 @@ def create_app():
     app.config['SECRET_KEY'] = os.getenv('SECRET_KEY', 'your-secure-secret-key-here')
     app.config['UPLOAD_FOLDER'] = os.path.join(app.root_path, 'static', 'uploads')
     app.config['CSS_VERSION'] = os.getenv('CSS_VERSION', '1.0.3')  # Add CSS version for cache busting
+    app.config['SERVER_NAME'] = os.getenv('SERVER_NAME', '127.0.0.1:5000')
+    app.config['PREFERRED_URL_SCHEME'] = os.getenv('PREFERRED_URL_SCHEME', 'http')
 
     # Initialize extensions
     db.init_app(app)
diff --git a/models.py b/models.py
index 202ee97..576a659 100644
--- a/models.py
+++ b/models.py
@@ -34,7 +34,11 @@ class User(UserMixin, db.Model):
     is_active = db.Column(db.Boolean, default=True)
     profile_picture = db.Column(db.String(255))
     preferred_view = db.Column(db.String(10), default='grid', nullable=False)  # 'grid' or 'list'
-    room_permissions = relationship('RoomMemberPermission', back_populates='user')
+    room_permissions = relationship(
+        'RoomMemberPermission',
+        back_populates='user',
+        cascade='all, delete-orphan'
+    )
 
     def set_password(self, password):
         self.password_hash = generate_password_hash(password)
@@ -50,10 +54,10 @@ class Room(db.Model):
     name = db.Column(db.String(100), nullable=False)
     description = db.Column(db.Text)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
-    created_by = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    created_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     
     # Relationships
-    creator = db.relationship('User', backref='created_rooms', foreign_keys=[created_by])
+    creator = db.relationship('User', backref=db.backref('created_rooms', cascade='all, delete-orphan'), foreign_keys=[created_by])
     members = db.relationship('User', secondary=room_members, backref=db.backref('rooms', lazy='dynamic'))
     member_permissions = relationship('RoomMemberPermission', back_populates='room', cascade='all, delete-orphan')
     files = db.relationship('RoomFile', back_populates='room', cascade='all, delete-orphan')
@@ -65,7 +69,7 @@ class Room(db.Model):
 class RoomMemberPermission(db.Model):
     __tablename__ = 'room_member_permissions'
     room_id = db.Column(db.Integer, db.ForeignKey('room.id'), primary_key=True)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), primary_key=True)
     can_view = db.Column(db.Boolean, default=True, nullable=False)
     can_download = db.Column(db.Boolean, default=False, nullable=False)
     can_upload = db.Column(db.Boolean, default=False, nullable=False)
@@ -86,13 +90,13 @@ class RoomFile(db.Model):
     type = db.Column(db.String(10), nullable=False)  # 'file' or 'folder'
     size = db.Column(db.Integer)  # in bytes, null for folders
     modified = db.Column(db.Float)  # timestamp
-    uploaded_by = db.Column(db.Integer, db.ForeignKey('user.id'))
+    uploaded_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'))
     uploaded_at = db.Column(db.DateTime, default=datetime.utcnow)
     deleted = db.Column(db.Boolean, default=False)  # New field for deleted status
-    deleted_by = db.Column(db.Integer, db.ForeignKey('user.id'))  # New field for tracking who deleted the file
+    deleted_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'))
     deleted_at = db.Column(db.DateTime)  # New field for tracking when the file was deleted
-    uploader = db.relationship('User', backref='uploaded_files', foreign_keys=[uploaded_by])
-    deleter = db.relationship('User', backref='deleted_room_files', foreign_keys=[deleted_by])
+    uploader = db.relationship('User', backref=db.backref('uploaded_files', cascade='all, delete-orphan'), foreign_keys=[uploaded_by])
+    deleter = db.relationship('User', backref=db.backref('deleted_room_files', cascade='all, delete-orphan'), foreign_keys=[deleted_by])
     room = db.relationship('Room', back_populates='files')
     starred_by = db.relationship('User', secondary='user_starred_file', backref='starred_files')
 
@@ -102,7 +106,7 @@ class RoomFile(db.Model):
 class UserStarredFile(db.Model):
     __tablename__ = 'user_starred_file'
     id = db.Column(db.Integer, primary_key=True)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     file_id = db.Column(db.Integer, db.ForeignKey('room_file.id'), nullable=False)
     starred_at = db.Column(db.DateTime, default=datetime.utcnow)
     
@@ -123,13 +127,13 @@ class TrashedFile(db.Model):
     type = db.Column(db.String(10), nullable=False)  # 'file' or 'folder'
     size = db.Column(db.Integer)  # in bytes, null for folders
     modified = db.Column(db.Float)  # timestamp
-    uploaded_by = db.Column(db.Integer, db.ForeignKey('user.id'))
+    uploaded_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'))
     uploaded_at = db.Column(db.DateTime, default=datetime.utcnow)
-    deleted_by = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    deleted_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     deleted_at = db.Column(db.DateTime, default=datetime.utcnow)
     room = db.relationship('Room', backref='trashed_files')
-    uploader = db.relationship('User', foreign_keys=[uploaded_by], backref='uploaded_trashed_files')
-    deleter = db.relationship('User', foreign_keys=[deleted_by], backref='deleted_trashed_files')  # Changed from deleted_files to deleted_trashed_files
+    uploader = db.relationship('User', foreign_keys=[uploaded_by], backref=db.backref('uploaded_trashed_files', cascade='all, delete-orphan'))
+    deleter = db.relationship('User', foreign_keys=[deleted_by], backref=db.backref('deleted_trashed_files', cascade='all, delete-orphan'))
 
     def __repr__(self):
         return f'<TrashedFile {self.name} ({self.type}) from {self.original_path}>'
@@ -197,10 +201,10 @@ class Conversation(db.Model):
     name = db.Column(db.String(100), nullable=False)
     description = db.Column(db.Text)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
-    created_by = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    created_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     
     # Relationships
-    creator = db.relationship('User', backref='created_conversations', foreign_keys=[created_by])
+    creator = db.relationship('User', backref=db.backref('created_conversations', cascade='all, delete-orphan'), foreign_keys=[created_by])
     members = db.relationship('User', secondary=conversation_members, backref=db.backref('conversations', lazy='dynamic'))
     messages = db.relationship('Message', back_populates='conversation', cascade='all, delete-orphan')
 
@@ -212,11 +216,11 @@ class Message(db.Model):
     content = db.Column(db.Text, nullable=False)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
     conversation_id = db.Column(db.Integer, db.ForeignKey('conversation.id'), nullable=False)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     
     # Relationships
     conversation = db.relationship('Conversation', back_populates='messages')
-    user = db.relationship('User', backref='messages')
+    user = db.relationship('User', backref=db.backref('messages', cascade='all, delete-orphan'))
     attachments = db.relationship('MessageAttachment', back_populates='message', cascade='all, delete-orphan')
 
     def __repr__(self):
@@ -284,14 +288,14 @@ class Event(db.Model):
     __tablename__ = 'events'
     id = db.Column(db.Integer, primary_key=True)
     event_type = db.Column(db.String(50), nullable=False)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=True)
     timestamp = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
     details = db.Column(db.JSON)  # Store additional event-specific data
     ip_address = db.Column(db.String(45))  # IPv6 addresses can be up to 45 chars
     user_agent = db.Column(db.String(255))
     
     # Relationships
-    user = db.relationship('User', backref='events')
+    user = db.relationship('User', backref=db.backref('events', cascade='all, delete-orphan'))
     
     def __repr__(self):
         return f'<Event {self.event_type} by User {self.user_id} at {self.timestamp}>'
@@ -316,14 +320,14 @@ class Notif(db.Model):
     __tablename__ = 'notifs'
     id = db.Column(db.Integer, primary_key=True)
     notif_type = db.Column(db.String(50), nullable=False)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
-    sender_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
+    sender_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=True)
     timestamp = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
     read = db.Column(db.Boolean, default=False, nullable=False)
     details = db.Column(db.JSON)  # Store additional notification-specific data
     
     # Relationships
-    user = db.relationship('User', foreign_keys=[user_id], backref='notifications')
+    user = db.relationship('User', foreign_keys=[user_id], backref=db.backref('notifications', cascade='all, delete-orphan'))
     sender = db.relationship('User', foreign_keys=[sender_id], backref='sent_notifications')
     
     def __repr__(self):
@@ -337,11 +341,11 @@ class EmailTemplate(db.Model):
     body = db.Column(db.Text, nullable=False)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
     updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
-    created_by = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    created_by = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     is_active = db.Column(db.Boolean, default=True)
     
     # Relationships
-    creator = db.relationship('User', backref='created_email_templates', foreign_keys=[created_by])
+    creator = db.relationship('User', backref=db.backref('created_email_templates', cascade='all, delete-orphan'), foreign_keys=[created_by])
 
     def __repr__(self):
         return f'<EmailTemplate {self.name}>'
@@ -368,14 +372,14 @@ class Mail(db.Model):
 class PasswordSetupToken(db.Model):
     __tablename__ = 'password_setup_tokens'
     id = db.Column(db.Integer, primary_key=True)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'), nullable=False)
     token = db.Column(db.String(100), unique=True, nullable=False)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
     expires_at = db.Column(db.DateTime, nullable=False)
     used = db.Column(db.Boolean, default=False)
     
     # Relationships
-    user = db.relationship('User', backref='password_setup_tokens')
+    user = db.relationship('User', backref=db.backref('password_setup_tokens', cascade='all, delete-orphan'))
 
     def is_valid(self):
         return not self.used and datetime.utcnow() < self.expires_at
diff --git a/routes/__pycache__/auth.cpython-313.pyc b/routes/__pycache__/auth.cpython-313.pyc
index b653a18c9d173551c801195f74d49e7d15f49e3b..c24b9567b4ce5c1ad8dd71f45597592b4ee0f559 100644
GIT binary patch
delta 2642
zcmaJ@U2Gdw7M^Q+JaOWmxQ*kG#P-B>(l|*I$0Q|5w`@Y&1X>!panqCrm>PSMm^!w5
z$8Jbg+H3_{T9BY{CB)B4mD+uvFG#yV6eJLfgjOs_G;RZ~MiEaH6}vB~QY|YU3g=uC
z=SPB({rQ|T=iGDd`MK90Jo913zG}0T3-H`|pnvL2`0w@xgF^z=2jA5ygCIOe*gpd@
z`^jMu|0@XNCU(|bUp-<$lg-b#z<gz%IubGT8b)lJ-ysL4f2#MeR~tR-UURv*?|DJ!
zCal9*%VbZPKO#IzQif4O^Dl<cKCp1Ftr9UtOzdP+)vocnl1Ln1BZZOr5?LZ5W|4hW
z?yihTy@qa56bA$dGUN3IB4ul$l0SKqKTFZy$OeDqYbI;I0pY08FN_KyVU+AAyGcL@
zRtygY4Z4)mRH`K6x(SH*T>Fuv8r4);Q?qg|!>q=Z9dp~Gx$IOsNOBn^6V<etG>ucp
zws3{$Vm5tBO|ex&U(JtITrV~iO--sL#h{Z78{PBN3HrKtI;YZE-7=9#X2I*zv$_F1
zn~SVou0ESdP*qc+Sz3ka=3F+GO3&!xM1pErDuRrf5wPgGYb_R~7#fd6qu30(JvODr
zPOS$KH0h=&oz!&msTuz3n2Ku3nP@T*SGb){CNvXR%IvSkv-8)1`v0GWTNUm?MKgSE
zc|!&7?!0$*!P}qr_Al22E;`<H+;r8hh=Ol`tO!P*{Rgw)aGjr6a_ua*!g*Ktz2jGv
ze<(M)2lKAM8}^}V;=jc&rNy!F70Kv(f}DHof8|1@Z@JR7SUvc;WvOyx+3owAwAj4&
zvnL9z2PX3eCKsm?`2)`s4rKE1kx$=n)5S`<?DQ0zZP%S`@0=(&d-Bd6cEVB59yfWm
zg&<}c2GFoHCuQ2n&Y3)+ZeS`<+5iB1S{BRCbv}3euE8$)SB-+%zJk<>SFm~)O&;2{
z@U^MT(7FSZDRwk%0tgb_noChN8dqZJTq>(!i-H3{y^i%tb<8h?iI0s+J)~>lWhrMO
zdzs0)gAA}{>rTKUR@%D{wTT=QDUOA1;eD5iPOEePcshiDI#fo$XsHLm&wjG{$qweX
zwK!=2C5;Fz2yJZA79>sVRoi{_e3e}&H3EPeE_et9``Ev1KGMm)vo(>X1)Kc}AzhcR
zI>g$3e7hHcD<4COTkL1~D!=<t;OA_-tEoDf(4c37gdSt%E}yw*z&czpGdCMxZ@4`3
zxHWnRK(FBYi$T)BY8WMDGwRdIM4C<qO*{qkF;wR3`~j&)0Oq!#w~jS$?Niz5WY9zL
zgrdAArS_-Tt&|&%AQeHFcOY&_5{`{-g&8T01GS^tQIs2_@i-ktwi*GeO^f?M3a5|;
z0dz}3OJnRXnl2QMA>diODccq689dHDt*(Kb>(y;!d_i)5136##wq}SN!ej)ETT_6$
zr-$*CwdjHGc|9KPkSD7YJRN13T9>&CEj!suwaw%;_FioU{4~}P5n6DkypIgCQ*zkP
z>w@`)x@6)|5+ysEQHxFYFxo%DK9K`vEI2gW_wua&DI^tylK@ArY^>QC6c4fI8v<tD
zw*BnghNk%~wczo$p(an*mYr<a1gdO4+GreQydb3t&<T|B);7`%(x(w9fQC}pB;&}B
z`TNMFh1dK)K)TtBfgt-xvXBex<G_!kf8m41w~Z|C-Oi2#e@~3;0^lANt#Ywz!8X#s
z8Y;IlM@zNjAEsVdk%d}fl~|GDgz&kb>~hOJsOqKGK?5P|Kdo1L&VmLU5K=-*re{=2
zp97vBK^PBO{{`U%0FeN34!QFHtg@|<-D^vBuP+c!OeV6wv4CZL0d{fM1#*^!+Ux3m
z-Jy+5w8zM^?2Go!J+tWdB!Y&3O{m*9-yn1jgwUA>QK2-+bN92B4sUo&O~%sGs+>*B
z`_r-9kz7(!+lvj<k7ize!)=^BrgiwYHU(BnHzw5-3|?xM9!F2S*!ZVl!w7CEJMSPq
zTYL<*G!Kp;oOk@<tJrWC!ckTOt740APa1Zaj1M$QbEwCB8+h%>g^AE@BHgU1zbL&a
zvBTk(R>@+s->nvGj#mzzKUlDO@>b81)pyq{*xVPgOV;{jt8;PN(C7CpStIO|nrch$
z4M*Q%Ss(3U?}tMJ@MlP%ClIC(rV;*#@H&7d0q_`pX%D?3kxFD0n$BfajlK<Uy=>?G
z-)=ih#65UF4Uszrq+xM)*Bd>rfP!A8D0p!w3VjP$+KqsgG>K3=4}j9kem9+t=aTA!
V^b)(>wa@M(-qoft6M@Cx_0Q?5V>18%

delta 2199
zcmaJ?TWl0n7@o7cvzP96d#5e!c8Bf4cCjtpLNE40p+#CK6tFE~Xu1x&({^Z?*`AqA
zQ-}e@2lT<9M+`(wjK&9|F)?d`CYT_JiI3HyH51eXN!0iPmIQ-|`u}I?g~l-1{pLUC
zzn$~n=JV8N$Nh`Bxj6znU9lY#*SCD)-(brVVHt$~;->)H2}?yJHfr;bc2-{{O@@R)
z(nNp*PfhkE$dVu&bv;}NgSJ6?lP$ZFgrlCN{iEI`YS6J{Vd)(fhHN2WSZEN2$u81N
z!a`IWU|%}gPFt=SnQE#w{-9V+n-lek30WIg;wjlMW^|g2I%zJLwenRXj(kNk)r4#+
zNz0#@P!f~Nf)uYsod|f+sNHhNblk9<lVBg-WX!O`z9gNo>U-Koh7E-pBmFwNB~Ewr
z0pqVT!fkKqg0}{KAB`;3^?h5{_x1XPx}k6ChHm-_<_f#7?YZF_xLH*3cJExcZN9R7
zzNll)*TKqNfx>EZyAi;^xI8D(Fza&#8Zdqs6k`JbIJhb1oQs`3a?j=vLyLC7>A!>2
zogBeeHRlM>NaljeZQG2wp``$pO-)9L<x6W+k(2R+p4LnQQv>#qUBMoBD%dZcMpDAo
z<+PGW=0Hx`L1OGHe>G`hzxyMA1$nfy1*M4;6)jg9?j2W?mWLCXd_tj3z@_a7C`T(0
zDiHz*RqSeBhy>Zsd7CRNaXPKgS<5q~PMKim*sLXvsnjs3#Mb9Wn`=SAa-(H5Y<Z?+
z!;G)^z$j2mLR8E;ZN`ljHk%(LVRk8h6RFHx%fC!W<o)A?;`(jKjUn(84j{!fTG>mb
zq0$|&KAFpFhAQK#0SAf_I>5dt4LY+5>{e;Q$<>-ze_5cj2Q72~SYCen1cVi|x^c%n
zqa2Hm>GVX@LAl&66y|nzBh|@1C<~tEsadWu>Oc->_acR5MDq~#AnZlxN5Imwe1>AK
zRI4BN_u;->PA2JoT&_dF7}D&aktznToM|(m=`&W$qZ&FMQZ{J`at|P2e?Jn|l}H_A
z)8%Cl+gHkK$)U`Z^6w$GnO7@%Nk3jXYF~TRPBgU>S-z|T?7dY-;{JG0md{W3GbvEw
zjG$ncwFhd*IhG8hz|VI9B0@1PgnCFftEg@aEyoq&pGrdL<K}Ei$(CLR>UT1|I_%tm
zWEHzqJsUcV<TD6I0ERBF&W(=S?QB~(?BvC}jg5vkonDg-etrohdAwGF%Wtyk5-9TM
z1fe6i$8&;7prZ(J1YW{+sv><HVG<xaT^thjzH4I}xtQtRcpt*e+9FY}8w85rznB!+
z`N9x8A6X!qGZQs$*;#pQ2eGlkwO#DP+FDjuQ_TLTUFY2}0F5u2`lO;UcU>YMbCT@^
z-T{;BRNX(2*OT?TZTAIsz5YtmDUbjimugJuGYX~8!<tVcJP~T2L3jb+ZzNtsILkiX
z^2RF7q&lvekJ0>hmF7&t`4;ZeW;tO1zyP<rskD|b)3T}R+GDKP+4fk1Otbf5u`LuW
zVs7aa0&hkC((I2z$D~u#Kn_;s$r$rDRz2~oo|Y1_CP7C?Q~J21YW2K^q5)cfqN|#Z
zjW&kXmIP+cvQH@*be=X#526aD+H$~9NUmzaHCg8c#9QlsY6m9T4BGJWBgc8-vcqbU
zn?WxI)|Z42lt}5;R_Bkn*`FES`YT~q3xWmJTYm^v-}Q*)g@20fT>rh|*CQq2r>@Q3
z@Ezixop<-mSH|Xx8s~hCxAUszf=|xpwavNPXoOv9YS>v1*67m+GQt>wiSQbLf!{>#
z`(Zg)UR6`gIMvgpV$e5%Tg+;je=6Kd#CH5N^^&_bq``Pu%f;50LBMjy`7n>i=>=F)
n{JL>Xsvwn}09>x)gq}=KDck8g?6;O4zl&5Y77jTG7z6fy>TmxJ

diff --git a/routes/__pycache__/contacts.cpython-313.pyc b/routes/__pycache__/contacts.cpython-313.pyc
index 24cac0ca2a99ba79825d8672f1f2936214462d2d..33a378db36a8f2b1eb3f639be869a5dd21a132cc 100644
GIT binary patch
delta 21
bcmca}fbq@&My}7iyj%=G5N@`SD<}Z~R1F4J

delta 21
bcmca}fbq@&My}7iyj%=G5N^1UD<}Z~Q}hN=

diff --git a/routes/__pycache__/main.cpython-313.pyc b/routes/__pycache__/main.cpython-313.pyc
index fcba5ca355db065c052b65c08245f330fe79978b..3b7f8edf9b68a4d3be2b790ce4858d0a37559050 100644
GIT binary patch
delta 5890
zcmb_gdvH|c70<WNWRvg^kN^P|5+FB`S7=0o6r*5~hz1N;O>4StZj!}hclquO8mO*;
zPOIaHt)F$L{vk$fEtRo_RYRag+N!*&q9DliS!=OYMynM?3)=HLH`$x4P?>2nnP0x=
zd7tl`n@^5-e*CT{|6lp}fh_uY_Ph(5@7bI`bBOpyYTl5`-R@iJf=cWwR6Bwr)K?b<
z)ZSrFh+-w)D=e6pRW}P)@N;Eug|J6;#mOOOi$Yh0OMRe?Ry&5}rcMsOcY4X{$t4ZC
z8H%(RQ@{P~DdAXjl`f5t8Hq*fBMnou%F0O8)SGmvem#GmSej~IaL^?}s%GIhVXD}|
z*#S>DWSDXSF;R~#oGX^9j~7lHxs0arY68m}F`_Zka<}MFxm=Z9nw<AN?41o532+l=
zlVl^tO@L;=YJdTV09F952VAGbqTuKn8d_&H#$;>AH1&r1P}q#DikR*4Dm7<OX;BMK
zwgRF!m=|kl&<(TRlp&*8#;_h&w=OF6t;A5Ot&1wgwqdvma0B2*Ks$jki9ijl9;brU
zel@+iLNurJ>W~;edV~L7|3jXAlNRp}UVflv>7klyUaYxhe?i@$g8CN=>QhH9`)Fw1
z^bu7}Wu7mmjjU>#k^1Ykmkbt<tJ3H;u`Ttt=ubs(9nsd@R)8!NX{<Nf<GQS-CClII
z5%sfp-Lf89k=p=I0d@fX0Qe)|_XJwD+=KCdKluz!dYOUTma1BLo)Bx)YB_cYNLa3z
zVR_;qvsvD*9+nj&Izf=R4#H?AV6FN{7L9gTWy+(b856_?RbvFjcD2%2J_c@*hX|~k
z#z>1^&-DL<#ivtm8!!09`>8E!7I?)@b^MmX+1FxY37{5N+~wbDmSId6^K{mX2B~AZ
zh+w0TJMqUQkE`mA1ryUkZS=`GID}mZ`&u5UhZ^KAwWXu!JJ8B<Q$)*&*xvvs0u%sj
zB{9kaFr6P^1UfPVxCxL@KUiB-$sF#(+$9KhVdTarEepr?##~#LPqBX-a8f<FcB;>Z
zqh9sTwL#%c4PBS*PcXq_IKgK>OJ5jh82LFi(uR>=V460J{5Pg22sXNH4IFU<Sb7Mw
zG18A?*;werC`V)^vi>)tfJ^`c0~qCD#2Q(cp4LS9bk4}7Bf-?j+n0JMa8}$o&c`wf
zwf@c-GnfWD;B<sGx~yzFgCY%bXzGJI!>%i~gJ}U|7)4MkyJ@cF_H*-S>>=6u`I-f1
zNe5#CQptmWF{%6SdRr9p7NAyhF-49EEzpnbTJ@{DgW_On=iL)r69)>xH);n8p#sTL
zUoVTw<m3RUAL^Vv77n+3`YJtY8g|U2(?Xt5k9STGkEuhQS1g(ZCGfyYjwU~iEN`1Z
z54bg0Z>2ZA-qc&;Eg@4k<US};juU~fA?dY=U9U&Ab8Yoa6@Q?>XNQAY|G+s3iia#Y
z99K9gIPBR839P}*mNy=1BDx4^%Wdc;yWDbz8X9c7azgOq!8yd)bSrLm07e1U0!9OF
z2C&zkr;(-3e{g&AY{+mPK%+Hnusk2*8Q9MY$6Di|XnQ?M0Ba@L7HKocN}RRR4HvRu
z6)I?k<z=(VU(%|agF_X`_$X1By78fL{@i{ZQ=N~j@YK=)71%Uhl&k5Rv_eGD7x`q^
z=rmH;j6|CZIg^fPLQYrarn1o{sB#!_ezDCvv6iE{Hx*5I4MQik-oo^C0tzR1MjlC>
z-1ND7aX%@rx}1P4Y_v#-BbV{iY%%0jn0^-k!D=t*i%Q(r2K9ON;>~3uN5wWz7|HCJ
zpIcsxYml9oKD_x}A4T3pTZ?lqz=~~nwQ}p#qE7AIT2(QFR*87pAsan*oyuXWMnkQ-
z+zVZvBiQJYKf!pHs_HHk-KwQ~d4kQ7ja4te2Ur7m0gz#;VOX2%$bpe#GftLCI5G#o
zA=85qE60|DhVm@}&0~w4%Rz*|A!RSyHo@a-0nzQs=((6A?CP1mtPUFXnG6Rrq&)+n
zSO8}0;vgknbDq)yeY{reKBp91ET3Ugdli;jh>exs7sxHKCaS=qUbaHCsM@i+z;_Xb
z^VQ+qGe%f>I8fgfZ=hsukTLA6R7HEvA^B_eTt~fFYR{A<u$q$_xMBMlC0M=$*blfJ
zZ~*W!U@QO$Z+XlJx$+gv)4XTSKLg{xiYsgYc58+k{BobVe{a!HyAxnVxDz;%I<WWU
z9170gyxcwRHWJ`H57E(Fmam0c%1GSunr-nGowDl=)p77MAJ@U#Qa2yEOJqY{%}vcp
z!Qn#RdI-N*h2AVuI}Qd^)8TO8UD)@^JLr$x0JsOB07-S^uoB1AYU{o}lH*=&b%%aI
zn_8Y7m_LL<2uv$m>W#XT^n0opfGMp&uUqOvrrj#!K#g2G3erg<JJr!Q7WixtQnTM&
zl^bR|Re=?!j8pcjvBs|#>+HP#pJU?`wV(PSCb0<nCjegpzRFTV-d`5UcpDvN%!i*!
zPW*FW9vs$koMd;N-BZ4?xTqENJvLNE5(B!5uQe4;QQ_DBl>HS%=T?Ht2j_SP)^Z^q
zM;QA@VT~INH%6!u<fLVU1D_8qzn^^_)1JinK_EF8fI?^GnK3ieQr}y8xty@^D%G~5
zK_7<J7*$n0B6aNOI)8%wm+mt9G2!0L;dF*hl#fCV$A!abs`d7>>@%*ws9aVc60Z*>
zsMP9)!L29d0t<>BfV%;$u-7NhG63)c{*TVdYXq-3pvuy5f5vr{J=TMbEjWTsfD$Vs
z?9#<K!w2%WeJa=*)udiKR_Ys2nungaYAPGY-;aITILwri5*43X6l(T&sh^)1U+ENQ
zCkD9<bRudgWQMq8U?UQxmpU5O<?HH$6I13n9yqO{T_m~YwX!*UsN0Y=ed^2ZRPD*6
ze=bK%6}ULoaDs)in}g*PDJ~yPmUu<gpeWI_d{?#`)Z59d<PBa?ch-a8gY3{I_RGY%
zj<Yj9cN_y`B;idEjeER~<oP~PoXGI!eQD9T%EDB(xjlxiUoZLL`&zaQ%rV=myCLx&
zRwdSE#@kG}7b|SAIE{>aA{`8>-A9LX9rcN|0|Fq~o-ayg*_9F`1`TX>sa4qzVh0E)
ze>e|8Q|?V3%ojl)+7!7md4h-}mSgOkcFAXH!OHIIn<Jlq#@U&vGzz!4Gv)yDV|pDp
zbPgc*&3#J=wRgC}weu~EU{`8f4uaY%0PfU|bUimnM6wf8vBE(#jYf7a(PqeuuSV9G
zDV(B)P^oy0?rOryk$N~1k5GnCiRI%6!1oFufv~*Iu{LS&$G2T^zR1cN)%&H13R5c=
z686=Z<ntrN_{6|(5$0om%sLWrwc*B_OAc;OYwuLabd#U)Ve<{dxYZuc#Yjlhu>qNo
zS(EsigZ;<xpOGD0lWvA`PC9Tonn!f)vYb(vI3Bn<^{+&9m<v&H*3~pjt4Qj?0hxwz
z-b1cLzHplvYi!K4f@41JXD`Rc%UDs-wSJT+_GT0$$^(9#5n=Q{A|Ag1&gpo!1%axT
z-=H`^2ZNx~hGa&(V=<2SQ`4fzvA^W_g?tCBIE0sXT{>RW^?&^w1DxsW_j>X#lSS3A
zEFx-&snP}aJPi)dBrB$f;*rl{yc4jC;B?;4@U){9$ARN`HWNE}+rT*Jz_bLwFBm^s
ze+E~68QHL`o2@s_y(8ulK8G{>JO(nopYc3$4n2?KO#DdK{1Wkmt6*UJZuy#YGkimX
zJdixAOq3*k2Tp$n90hy`_!!^?p%H+wfFNKJpcJqK@O?l8AOUTFb$~|zvj8bT58wsB
zVF1hdE=C^;>f7bJ$tTN1rTDb#c$wJY6)z>bXNn~vk<2X@lXLOX_nIwvLAe;^>&8Mj
bSywJ9bKiuZYXF}n?=Pot_9uJF#S{MlhF4`1

delta 5844
zcmbtY3vg7`8RqOOo84>(hL{inZXO~xfF=P61_Ndgg+#Q-OB*$_?A|1co89HyyR;xR
zJk+U(kMY>q)|s|JopCayV__Y`Q)qo4j|z-p%B7&RqsaIe9aMaQJ>P$my<rV%+f3%m
zdH(P7|NqScryQTX=kT5J`8-49Pl5Nk_WL&Zs`J>#sp)w)+u0iNNd6h-7bnh?xaWDD
z^2n_dMZ9d3*fo5(m|ox(y<_vm?tHKC6^#|m1)kKng7&M18AF4y=rWaS0X-axwuD1s
z`}K#|ywv)cZ`u5dB@tc($N@~1U}Wpz4pq|w9dVuzYi8BvW`$He5RPbuBN)(h@zSh%
zHcznGWrYiI=jXWN3~SMtZrCGglrIu>vy;>B#NMTVLV#U@ayf6qxE&A%+yl@7O8|ER
zB7mUCYxJ|ZqPnq&-6k3vE6Y2u90kNA7&);>NDA4a^MKaQ<5*uRl8u!vj-e*@G+r%O
zQ@)L_5W|`lvv5jp3NZhuKl*;>J2a;DaM6_BqWZ%{^*a{tTC#P?8%48wi{>0Inv?qM
zrca0ER2MX~O>msADr{)0Nqu_P4MSOvm=fK_cBIZkA7dr=Ne+tL@JNNjtu6ZUxXPQr
zbe#n8bi8@NZp?N7{tEaT;3dGzfEOhwZoVJm-GGap+=G)&llYF*yrokZTPfD_QF$O?
z*kaNl@qpgW9~N8r)df$dY2{*64OlDeT6wX>DpMYDomN`50o1a?TC6q3I|91lSR9K*
zjO>}e461R24Bsi%Y70ls1;KyN+17AGZ6VgLVDZ(|XWGFm_F?MfduBS>Ug23?Qrm)!
zTLBAj#a=V1orf@;L(_>>A>N8<ql9k8_u`L@e<ki*J+mw=Z?}sgl6E=FZaBCa2=R5|
z<<)IBLSe%mj_SNjjyTld<p7FjQ-4g;k<IVN6m&Sn{k<5i5`0a09r*JufSpNzE4c%s
zv@8_C-Ck3cv)KO%a9$i-Ghuudj=CfmPKpZ6EBE}?51)jybf8R}+*FXNU;D93TB>?o
zekYN+&|Lg$98a5ze}ie-T>M*1&q?UEoA$AUv_TN31Z5=8!m(^DP-u8C`o5(W_lF8j
z|A?t@#0xSWjC>f8;f`T?QN!h?{0}ud*iNzX(a|mv)h4<gt*WA{<c*8n@3t9k^Oc1|
z{F2R&1#M+J!D<9J7fYDWx68TW9pLhjq9j>VK*9{gS$Kl?0!mVwAO9Dtpe?|B#YWdD
z7!=O{8f(RtC;Y58b@YkSOpbJ8{`WXmy82k$lpN!cs%jf*N5Q9tOI@Z$b<GTx^n2jv
z#GVbM>;-Xp!!3D}pv`0eg^^p#da7jfVMshtE*hSo#$}p`-K|EI$)<-A;++qQT&8P9
z*Hhy=$+yFCg~FZ!n=HEuYjBz2j0f6OQx3zfsXDpOum?gRD|>Ou9P~=2;^KpVHGmO-
zwSZzkCxBdeP>u}I^z`=jDbU~=fFjqFp}Y>`D(vS3V;%88ba@Lh3~9wlX;WVun+h-=
z6fU?En#yIV(hMirk3TC{`L#GSITd}TF3US04n*otOGMem(XM9fPZSLsl@f%-*S?NG
zIC`bjRS!qoG+raO6~?Q?0~^N`CqR(Gn4Srl+k7Ts|Hkst<Jh+1=Om^lB*>6~Q~0UW
z&_91=pEE!TtS*uujjKiY0!$auRF7!<HcW2^K(P5Y^hX}<E4lqnU9f2!^N7`(N(+fS
z@w4;maSgIdrdu~X>5|bke@lh89xJBJ#o8^mvpdA`Ee+GF<*Fo}_C>dYylZ5WL8E~V
zl^=jEuS@8*@n2(%WVfPXMl2HJqG6w(Z5Q`$UD!zma$_Hj26q8g0uBK(jFykJX_iD7
zS=OVcaXF4qR9V@I)Fc~1SAJ50;xL8xQY0aIq}q3FD|NU!Ky;_L|HT<n!o4qEwcrl9
zkTxC;W=Q)Jgdzcmt&Jj8@|v?t@$~arxp({wa4}r69n!-={=8&k`1+$c5^Iw+n6>aI
zM2q2IUjJTy)G0Z9hWKP}RWZLA`#HGNl8A=_x*Fnf+~eZvedE1|ixs6aIhRh@u&-D=
zux}bmh*$PqaTCmHy&&8-Ljt9kzX5m?@G#&A;4Q!?0MdftKs(2eVos7Yk|aOHJ^#cV
zG7&jG!%<oMu-Lr6e3;o1kY3ahoJzg7|46nB<Q+%0j$S7vIPH*h6r16SXgUwa4X2)n
zM^yO|9}(iMvo0!q>r#*PKF-__Sh4f<qVi~o>rqHQCpj#OT`CUs7K-IZgCzn7ocs~_
zhj#&zfF}UI6<;0|><h8p_(MO<s$(7Yz>{)QdVy5<6*NNZ8g8z(s+`N;!NLT_G(3H7
zY6<9O(~u24yk?-JUl@N%oIf$sWr~oR{q{0%CmE^%tmu7Fv+yORO@RNV-pkI2NHpT&
zIly;-AyTCkl|SRLpsHyyxA_|y8*cM+b!kGj#C|dDgKNSW`PCAHWT13Q8Kf4b!(k=c
z${JSc9yCwmqEg<UwPYzO7_`d}b3f1Tq?$2k-vvdenV_OWNr6gD4kWU?^&6a{R>O`F
zYRh0QQ+xxAZP|Ikd7K{#l6e4>M<Yj%>48W~UuC8uMCO_*4t(fmlTsgj`1>r=iRngT
z0P+9Lll(cbxBOTjr%GRYOU|KkjWTC=!ts{CELoSOb16B?7eVs5K?33`C4I(+a#j)h
zzq~*uru<Ce90O^HGoS-bfj_E+d`=kwl`h>Gw&s7q9j|5Mxv7souXJ5dzRSN|G=a>K
zW!8ra&B4J{zC|<yvV)P`{yOpOx0lsf1>EX;MuM3YI`bet<dr6s&qU_%Xi()R9zS=*
zbc@GD72P6<DNe&pVIq4GJ{QzMj&Dn~o=axc|L{Af9-fk02zT(^GoX=wE?MVf4Y^b_
zT=SM|y4t~6@<AtSzT_G3!7EV82E4I6%e!V1kLOjK@x1N@lU0B<$tD-8=*;k77q&=u
zD!8N!+1H_|>fM|Y-1i>Rg|Ej9#eI-*zXZb-OX%^0&JSRPOte&vG@s<;_lt>5!+O4R
zvDFuNJo%81RZg^uX09q5wMdIJK|CVsqU>MZ1hFF$<P)LC44V8v@_irkyU@FEp3Kc<
zm6t5S*g9?FuO%CES+Uu@c(6GFKwU9K2a-Pzf*N&u>8n4b9ul+TAaD`@6Uug_7sQSN
zs8c&7SGAsh=Q7pZc_mgUO0JS4vx`V*{0rR9s0u`7kkTM4z;St3VMaDrgW-5sz5rP|
z={O?nbP=RrhO<4E;F=j_6mQ=Q88V{pqY;H;KA#1yedQzhP9eLjbHFzT1O*>cEHXK<
zph7`?H&qMVke$6%{L(%Czz>)oCr0h|aH=DW*MjK4Q17%t9Swo`$w4lpaL@RLrQ*^F
z<*ewZx^f-vl1Vcv421-hnZZg*#gN<Oy|ju_-N6h)bkBn;l@wPnp~qTVGp%5mk2={~
zMD&>w8=u_MHG)+*GfIpMdrH5EGWq`@8ovz{tQaLhpsJCj$v8k`g1}SqGRpydq**~f
zI4v1D=7-!dsPQgXQ5Y}kX}*j#4@_^C0j%Qp!|Clr^2`|4kk2GhgH7NzaCikAUQOP3
z1*<6BgYj#Cy%H|w{R~fAT3Kn298YE<C+`3wD-PCRIu<|)i*nT8!L<u(WLVP8)EjH>
zvU-WH;|yg(Pp0=XvLU^pgE&saPxUMu%U-Y*UD%f!t~ON<{vyPWBrC?Tv7MX2=``RY
zz$bt+0Q`rDUkVrvC<TlGj04;XxC^iZpaGTv?gMNDOaeR)*abKQFaRXy`xt$~WIxW|
zPaYh{>e$&H&v>@m$=*oruV!=Es^q8|HpYv@-e<Pt%{6R<Ya13q$&MOUr@R9}smPwi
c>I_V40h1&c?rS?@p+rQT#@)$7HSC4|01Yf`S^xk5

diff --git a/routes/auth.py b/routes/auth.py
index 566d03f..e07a853 100644
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -11,9 +11,19 @@ auth_bp = Blueprint('auth', __name__)
 def require_password_change(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
-        if current_user.is_authenticated and current_user.check_password('changeme'):
-            flash('Please change your password before continuing.', 'warning')
-            return redirect(url_for('auth.change_password'))
+        if current_user.is_authenticated:
+            # Check if user has any valid password setup tokens
+            has_valid_token = PasswordSetupToken.query.filter_by(
+                user_id=current_user.id,
+                used=False
+            ).filter(PasswordSetupToken.expires_at > datetime.utcnow()).first() is not None
+            
+            if has_valid_token:
+                flash('Please set up your password before continuing.', 'warning')
+                return redirect(url_for('auth.setup_password', token=current_user.password_setup_tokens[0].token))
+            elif current_user.check_password('changeme'):
+                flash('Please change your password before continuing.', 'warning')
+                return redirect(url_for('auth.change_password'))
         return f(*args, **kwargs)
     return decorated_function
 
@@ -280,6 +290,7 @@ def init_routes(auth_bp):
             # Log password setup event
             log_event(
                 event_type='user_update',
+                user_id=user.id,
                 details={
                     'user_id': user.id,
                     'user_name': f"{user.username} {user.last_name}",
@@ -290,7 +301,9 @@ def init_routes(auth_bp):
             
             db.session.commit()
             
-            flash('Password set up successfully! You can now log in.', 'success')
-            return redirect(url_for('auth.login'))
+            # Log the user in and redirect to dashboard
+            login_user(user)
+            flash('Password set up successfully! Welcome to DocuPulse.', 'success')
+            return redirect(url_for('main.dashboard'))
             
         return render_template('auth/setup_password.html') 
\ No newline at end of file
diff --git a/routes/main.py b/routes/main.py
index 0a049f8..fc69fbf 100644
--- a/routes/main.py
+++ b/routes/main.py
@@ -70,7 +70,7 @@ def init_routes(main_bp):
                     Event.user_id == current_user.id,  # User's own actions
                     db.and_(
                         Event.event_type.in_(['conversation_create', 'message_create']),  # Conversation-related events
-                        Event.details['conversation_id'].cast(db.Integer).in_(
+                        db.cast(text("(details->>'conversation_id')::integer"), db.Integer).in_(
                             db.session.query(Conversation.id)
                             .join(Conversation.members)
                             .filter(User.id == current_user.id)
diff --git a/templates/auth/setup_password.html b/templates/auth/setup_password.html
index 1501c7a..a828382 100644
--- a/templates/auth/setup_password.html
+++ b/templates/auth/setup_password.html
@@ -8,28 +8,6 @@
         <div class="bg-white rounded-lg shadow p-6">
             <h2 class="text-2xl font-bold mb-6 text-center" style="color: var(--primary-color);">Set Up Your Password</h2>
             
-            <div class="mb-6">
-                <div class="bg-blue-50 border-l-4 border-blue-400 p-4 mb-4">
-                    <div class="flex">
-                        <div class="flex-shrink-0">
-                            <i class="fas fa-info-circle text-blue-400"></i>
-                        </div>
-                        <div class="ml-3">
-                            <h3 class="text-sm font-medium text-blue-800">Password Requirements</h3>
-                            <div class="mt-2 text-sm text-blue-700">
-                                <ul class="list-disc pl-5 space-y-1">
-                                    <li>At least 8 characters long</li>
-                                    <li>At least one uppercase letter</li>
-                                    <li>At least one lowercase letter</li>
-                                    <li>At least one number</li>
-                                    <li>At least one special character</li>
-                                </ul>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-            
             <form method="POST" class="space-y-4">
                 <input type="hidden" name="csrf_token" value="{{ csrf_token }}">
                 
@@ -50,12 +28,119 @@
                            class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2"
                            style="--tw-ring-color: var(--primary-color);">
                 </div>
+
+                <div class="mt-4 space-y-2">
+                    <h3 class="text-sm font-medium text-gray-700">Password Requirements:</h3>
+                    <ul class="space-y-2 pl-0" id="password-requirements">
+                        <li id="length-req" class="text-sm text-gray-500 flex items-center">
+                            <i class="fas fa-times-circle mr-2"></i>At least 8 characters long
+                        </li>
+                        <li id="uppercase-req" class="text-sm text-gray-500 flex items-center">
+                            <i class="fas fa-times-circle mr-2"></i>At least one uppercase letter
+                        </li>
+                        <li id="lowercase-req" class="text-sm text-gray-500 flex items-center">
+                            <i class="fas fa-times-circle mr-2"></i>At least one lowercase letter
+                        </li>
+                        <li id="number-req" class="text-sm text-gray-500 flex items-center">
+                            <i class="fas fa-times-circle mr-2"></i>At least one number
+                        </li>
+                        <li id="special-req" class="text-sm text-gray-500 flex items-center">
+                            <i class="fas fa-times-circle mr-2"></i>At least one special character
+                        </li>
+                    </ul>
+                </div>
                 
-                <button type="submit" class="w-full bg-blue-600 text-white py-2 px-4 rounded-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
-                    Set Password
+                <button type="submit" class="w-full text-white px-6 py-2 rounded-lg transition duration-200 mt-6"
+                        style="background-color: var(--primary-color); border: 1px solid var(--primary-color);"
+                        onmouseover="this.style.backgroundColor='var(--primary-light)'"
+                        onmouseout="this.style.backgroundColor='var(--primary-color)'">
+                    <i class="fas fa-save me-2"></i>Set Password
                 </button>
             </form>
         </div>
     </div>
 </div>
+
+{% block extra_js %}
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+    const passwordInput = document.getElementById('password');
+    const confirmInput = document.getElementById('confirm_password');
+    
+    function checkPasswordRequirements(password) {
+        // Length check
+        const lengthReq = document.getElementById('length-req');
+        if (password.length >= 8) {
+            lengthReq.classList.remove('text-gray-500');
+            lengthReq.classList.add('text-green-600');
+            lengthReq.querySelector('i').className = 'fas fa-check-circle mr-2';
+        } else {
+            lengthReq.classList.remove('text-green-600');
+            lengthReq.classList.add('text-gray-500');
+            lengthReq.querySelector('i').className = 'fas fa-times-circle mr-2';
+        }
+        
+        // Uppercase check
+        const uppercaseReq = document.getElementById('uppercase-req');
+        if (/[A-Z]/.test(password)) {
+            uppercaseReq.classList.remove('text-gray-500');
+            uppercaseReq.classList.add('text-green-600');
+            uppercaseReq.querySelector('i').className = 'fas fa-check-circle mr-2';
+        } else {
+            uppercaseReq.classList.remove('text-green-600');
+            uppercaseReq.classList.add('text-gray-500');
+            uppercaseReq.querySelector('i').className = 'fas fa-times-circle mr-2';
+        }
+        
+        // Lowercase check
+        const lowercaseReq = document.getElementById('lowercase-req');
+        if (/[a-z]/.test(password)) {
+            lowercaseReq.classList.remove('text-gray-500');
+            lowercaseReq.classList.add('text-green-600');
+            lowercaseReq.querySelector('i').className = 'fas fa-check-circle mr-2';
+        } else {
+            lowercaseReq.classList.remove('text-green-600');
+            lowercaseReq.classList.add('text-gray-500');
+            lowercaseReq.querySelector('i').className = 'fas fa-times-circle mr-2';
+        }
+        
+        // Number check
+        const numberReq = document.getElementById('number-req');
+        if (/[0-9]/.test(password)) {
+            numberReq.classList.remove('text-gray-500');
+            numberReq.classList.add('text-green-600');
+            numberReq.querySelector('i').className = 'fas fa-check-circle mr-2';
+        } else {
+            numberReq.classList.remove('text-green-600');
+            numberReq.classList.add('text-gray-500');
+            numberReq.querySelector('i').className = 'fas fa-times-circle mr-2';
+        }
+        
+        // Special character check
+        const specialReq = document.getElementById('special-req');
+        if (/[!@#$%^&*(),.?":{}|<>]/.test(password)) {
+            specialReq.classList.remove('text-gray-500');
+            specialReq.classList.add('text-green-600');
+            specialReq.querySelector('i').className = 'fas fa-check-circle mr-2';
+        } else {
+            specialReq.classList.remove('text-green-600');
+            specialReq.classList.add('text-gray-500');
+            specialReq.querySelector('i').className = 'fas fa-times-circle mr-2';
+        }
+    }
+    
+    passwordInput.addEventListener('input', function() {
+        checkPasswordRequirements(this.value);
+    });
+    
+    confirmInput.addEventListener('input', function() {
+        if (this.value === passwordInput.value) {
+            this.style.borderColor = 'var(--primary-color)';
+        } else {
+            this.style.borderColor = '#dc2626';
+        }
+    });
+});
+</script>
+{% endblock %}
 {% endblock %} 
\ No newline at end of file
diff --git a/templates/settings/tabs/email_templates.html b/templates/settings/tabs/email_templates.html
index 0fff081..3198615 100644
--- a/templates/settings/tabs/email_templates.html
+++ b/templates/settings/tabs/email_templates.html
@@ -78,7 +78,9 @@ const templateVariables = {
         'user.position': 'The position of the user in their company',
         'created_at': 'The date and time when the account was created',
         'site.company_name': 'The name of your company',
-        'site.company_website': 'Your company website URL'
+        'site.company_website': 'Your company website URL',
+        'setup_link': 'The link to set up the user\'s password (expires in 24 hours)',
+        'created_by': 'The name of the admin who created the account'
     },
     'Password Reset': {
         'user.username': 'The username of the account',
diff --git a/utils/__pycache__/notification.cpython-313.pyc b/utils/__pycache__/notification.cpython-313.pyc
index 4d2532f55dfd7a960bede6aa13569ff2440de138..c280b52985b3e8543f66586e2df5dc422eb4ad47 100644
GIT binary patch
delta 1650
zcmbtUZD?Cn7(OSrH))gJbS@ulnx;wGwKmO~o3=^TcE(N7&Dasjy$$V_&62gr+BK&2
z<fd-Zf%r$+oNm5;6u)ReTnZwS%V4nm*e~&?V`xW&4f{hV_)(aM_<^2t)2wm$L)d{l
z=Q;1k^S<vnmwcOtg88l>7!h6e$lmFQf7xu-8SB+;<_urEAE)dHB@oP8t#IDr#=ohT
zED1cQmz_i72&KBH(;!7z^1qkd62@f<4bfI=JBx*F7Msu_yTZD%HD`dO#zt`3x@^BA
zWI`S!w<fsV)S05HvKwyOybYdV_tT!7$%7K6HY9t&Y;P3YJdKgt<n}=>SI;z@I}-Kx
zR5`h$N~QBZR32t3b)B0kT@bK4IbT8m&vx%)-3cT;Uhc0Nr6;RTWiI<Gb5_;f37^@$
zLQisEC0=?8o-<fs!(Qk6zZwBeLwq2Opr+CLAR5VGFgAtp0k{yf7&y5vp_Ag2TZg20
zWw@<f?jO|W%*m08MUpCPYnKvC3a&QQ<1zTMDT+g&cl5`?31mk7y2@qJr#A0EUX-LC
zS$P>y%8yX4Az3jXX^Y;o$q{(j5yiXI>y9ATZp^2Z!u&*bCO3OZm{yeeAyH(TD4sHG
z9^vN}5g!D%>!|(+RUt|B71u$G1MppI3{QgJ{h`&ES5idDKR=^Pm-tLJm7gVt;48Ok
zI>ZuKgXA#0?unVsP<nv=^36P~dEUm7dcu1S<5!`kUEOI$P0q#a&BpFxVO897L)>${
zVO1QtA&%VgbX*jch2q?mlQ%uFMgCS>4_s|`>7B?O+VH5i+yBA?qvkOIebeutxGEUO
zb=+#BcPz@SMtRD~G_6@O6!K{@F*8-F%cpZw8YK&=rE|E(#{A?ggVz|GX0QPH?xlE!
z(HaH~4E8e6GY}cP#DEP&Tnt(nxGDH*wUSkm3(R#6QvM<SJf)Y_C4W*EXC?RfFnOb#
zqt!XiB4;U-YUc=R^XN%J{}?vAy1*P<Dx3Ayl+~Gmyvg7=!~)&?yOe$pCjuFqhC6{Z
zFOw^A$I^;cq^kEIb*$(}8rH-f{sVgW5v;)|UWC7U9WWdG+NIqG>rBfW^%=_dQ0@<o
z^t$j_c%e7UFVm1;;c{<G%Ux;xh@NS8_YK2O&J}VBc?-Vi^YS0lkU!yvz5q?R6L3JN
z|E^xseGhs<PW(Q^LLK^xGzei(Li_QedMz}HaS<MhH1F0X(r0F}N}80P>Ju7x-()_H
z6sfgjnk*=DnaspgibgL%CgSHmrS>{_Cvv!Rkuo0_kB|Cv>wT2dr&woi=o86{bR!&t
zJT&e4<B2nrmbe)@0ee2eZke!4BW!xY<{_+K!o*h)Vamiyp;Y_GvvX60Z2D1h4aNpe
gHy^{;S`2R>wqF{*GWGd0zi5189DW*DuVIP*0Q#w1nE(I)

delta 1530
zcmbtSO>7%Q6rS;VH?Ey*qsC6K6aTE8q_rK#ZrmlLCA5fAk)#U9+szNIS~;=Z8eFH0
z?E@exjx7)<c}jo^T8c_VC`chb5OLy&Xb!C^wUW6YIPi0zsmcYRO3Yj1q|E^#b*260
zn>X)$?|ZWg<sXXj-KHih;m@64_8xyabWxT~U)U<ma#oa5zY?MoXtvv7uEk5guPnFd
z6y9xZg)2NX>#(=25@I7hqP6S79xjm@Bt+{lN}O#G&RaD1h-cVau=$8?^ApWelasX$
zk*8~3%{L$v8sThfn_JNvRTKIkq#$Vi`ve33A=p_Hv}%EW1-sy_)^?#=Zvx*o<;m?j
zN$fK;AArPD4{VK%wnL@0=zTVV@Oqol6iV)|=O+%pOAU6oZLx&@w@BC!>3KMjh#}JZ
zP$J18IR1#*K3pGWW7P#Ms+$rAVJTwYojAC0P-j|fKq|<|(fU5|T%B#K2@NEtm+H{%
z9HcuT?TkD7bRv_useZHkFOWNlLXu;!<ZO3LZq(M97Ka~s^{$G?6%&BDd+7vRbWcf#
zc>;UBvc)q=X#}RdLv#wh^nPR!v-wo<MK%dXd=(q&v2lbXbSOi%)12Zg#WgdWROack
z70EwKVLq_Dy^#cZZ~4{hesx7$nO@Pq?Yj2pGpm8`GFL-4{QBI;9S8C5T60wvI`7fP
zH1C*)+%!88J=XCS;pPryTo!K0BIoQF?@(<h7c=Z=E?wPH%oNfFW#!7%?h&&C&)FG-
zHxOP$C_^~>G0nhg*e#vHz-hQ0c5F^9<H?)g?Aa~8&FOMwq9<t@MX3Wp%4Yc*v@kO!
z<q%%rP_@i3Y(Mof+lDct+dFt5r1JToxn=|d>?}eKXf!0wbNVyHqFI`T_o6>3C|4DZ
zWlBa9CShh2A;w|R#L{ps77@?!&F`=p8>9<h-TB8JV@7mkR2>R7Z1yIVPo`6)%qG2{
ziJgIXpDJG9rFY>(-w@aPx^L0*A>VVyn+6o8XUc^Vn}btvMf`-P`~{cdy>y{+Bi=~;
z#znl39@b4)rF15r;cd}8`v9ogW&M=Xd;Bf#h3hdF468vdP*M-kvCBLfw6U$2yAPom
zVckPj%I5N1t9G%M@NB)2(I6-=l&IRK%cYrY_NX!NdGPdy#m{+Mg3<oNe7-CFF54?u
zEg&$s*8lf@{9UU;jt_@lo8d=cc*hJchT*6TeKXWqBy0h>!l7z;{KQPUoX<SLzJaX+
gues8c+CNj*2(C*LE9tL}{AuvD1Y92Y&5VWr08ptxrvLx|

diff --git a/utils/notification.py b/utils/notification.py
index 0b54bdc..fe4298f 100644
--- a/utils/notification.py
+++ b/utils/notification.py
@@ -131,6 +131,9 @@ def generate_mail_from_notification(notif: Notif) -> Optional[Mail]:
                             if attr in notif.details[obj_name]:
                                 filled_body = filled_body.replace(f'{{{{ {key} }}}}', str(notif.details[obj_name][attr]))
                 else:
+                    # Special handling for setup_link to ensure it's a proper URL
+                    if key == 'setup_link' and value.startswith('http://http//'):
+                        value = value.replace('http://http//', 'http://')
                     filled_body = filled_body.replace(f'{{{{ {key} }}}}', str(value))
         
         # Handle special URL variables