From 8d20c1b7d8ee9a6d10cfdf09c537402ac310b7bd Mon Sep 17 00:00:00 2001
From: Harvey Tindall <hrfee@protonmail.ch>
Date: Sat, 9 Sep 2023 15:53:16 +0100
Subject: [PATCH] expand password reset documentation

---
 content/docs/faq.md                           |   4 +-
 content/docs/pwr/_index.md                    |  50 +++++++++
 content/docs/pwr/pwr-pros-cons.html           |  95 ++++++++++++++++++
 .../remote-network.md}                        |   2 +-
 content/menu/index.md                         |   3 +-
 layouts/shortcodes/include-html.html          |   2 +
 static/pwr-directory.png                      | Bin 0 -> 18628 bytes
 7 files changed, 152 insertions(+), 4 deletions(-)
 create mode 100644 content/docs/pwr/_index.md
 create mode 100644 content/docs/pwr/pwr-pros-cons.html
 rename content/docs/{password-resets.md => pwr/remote-network.md} (97%)
 create mode 100644 layouts/shortcodes/include-html.html
 create mode 100644 static/pwr-directory.png
diff --git a/content/docs/faq.md b/content/docs/faq.md
index 99413dd..f5d2a36 100644
--- a/content/docs/faq.md
+++ b/content/docs/faq.md
@@ -8,7 +8,7 @@ draft: false
 
 ([issue](https://github.com/hrfee/jellyfin-accounts/issues/12))
 
-* The best way to get around this (if you're using a reverse proxy) is to selectively not send the users real IP to jellyfin on the paths that are used for password resets. Read more and see an example [here]({{<relref "/docs/password-resets" >}}).
+* The best way to get around this (if you're using a reverse proxy) is to selectively not send the users real IP to jellyfin on the paths that are used for password resets. Read more and see an example [here]({{<relref "/docs/pwr/remote-network" >}}).
 
 * Another method is to tell Jellyfin to treat all traffic as local. I don't recommend this as it stops you from using other features like remote bandwidth limiting. In Jellyfin, go to Dashboard > Networking (under Advanced), and set the 'LAN networks' setting to `0.0.0.0/0`.
 
@@ -54,7 +54,7 @@ Make sure to check the ports you are using, as generally they correspond to the
 
 ## Does this need to be installed on the same host as Jellyfin?
 
-Not necessarily. For invite functionality, an http connection is only necessary. However, password resets require jfa-go to be able to access Jellyfin's installation directory, so you'll need to use SMB or similar to mount it.
+Not necessarily. For invite functionality, an http connection is only necessary. Password resets through the "User Page" Feature will also function, see [this note](/docs/pwr/#method-4-my-account-reset). However, password resets through the Jellyfin UI require jfa-go to be able to access its config directory, so you'll need to use SMB or similar to mount it. See [this page](/docs/pwr/#prerequisite-for-methods-1-3) for help finding the correct directory.
 
 ## Can i `go get` this repository?
 No, because the supporting files (CSS, email templates, etc.) need to be compiled and placed next to the executable before it will run, and `go get` will only compile the app itself.
diff --git a/content/docs/pwr/_index.md b/content/docs/pwr/_index.md
new file mode 100644
index 0000000..50eed57
--- /dev/null
+++ b/content/docs/pwr/_index.md
@@ -0,0 +1,50 @@
+---
+title: "Password Resets"
+date: 2023-09-09T13:32:35+01:00
+draft: false
+---
+
+## Password Reset Methods
+There are 4 main methods for facilitating password resets. They are ordered from (in my opinion, at least) worst to best, although your choice will depend on your situation.. They are described below:
+1) **Through Jellyfin (PIN Reset)**: The user clicks "Forgot Password" on the Jellyfin login screen, and enters their username. Jellyfin generates a file with a PIN code. Jfa-go reads this file, and sends the PIN to any contact methods associated with the user (Email, Discord, Matrix or Telegram). The user then types this PIN when Jellyfin asks for it.
+2) **Partially through Jellyfin (Link Reset)**: Similarly to above, the user clicks "Forgot Password" and enters their username. Jfa-go reads the file with the PIN, but instead sends the user a link that will automatically set their password to the PIN, as Jellyfin would if they typed it in.
+3) **Partially through Jellyfin (Internal Reset)**: Same as above, but the link sent to the user takes them to a special jfa-go password reset page.
+4) **Through Jfa-go (User Page/"My Account" Reset)**: The user visits the "My Account" page (`your-jfa-go.site/my/account`), and presses the "Forgot Password" button. They enter their Jellyfin username, or address/ID of a contact method (email address or discord/telegram/matrix username). A message with a link is sent, which links to the same password reset page described in method 2.
+
+## Pros/Cons
+
+{{< include-html "content/docs/pwr/pwr-pros-cons.html" >}}
+
+## Setting them up
+
+### Prerequisite for Methods 1-3
+jfa-go will need access to your Jellyfin config directory, as this is where it places the files containing PINs.
+  * General Advice: When initiating a password reset in Jellyfin, a message will pop up telling you the location the PIN file was created in. This is the easisest way to find the directory. However, this feature was [broken in older versions](https://github.com/jellyfin/jellyfin/issues/6093) and still is for some.
+
+![PWR Directory Screenshot](/pwr-directory.png)
+
+
+  * Docker: The directory you mounted to `/config` in the container, e.g. for `docker create ... -v /opt/jellyfin:/config`, the config directory would be `/opt/jellyfin`.
+    * If you're also running jfa-go in docker, make sure to mount it to `/jf` within the container; jfa-go should default to that path.
+  * Windows: The directory should be `C:\ProgramData\Jellyfin\Server` or similar.
+  * Ubuntu/Debian: Should be `/var/lib/jellyfin`, or one of it's sub-directories. initiate a Password Reset and look for a file beginning with `passwordreset` to confirm.
+
+### Method 1 (PIN Reset)
+
+* Enable Password Resets in settings, that's all.
+
+### Method 2 (Link Reset)
+
+* Enable Password Resets, and in the same section, enable *"Use reset link instead of PIN"*.
+
+### Method 3 (Internal Reset)
+
+* Enable both the settings for the above 2 methods, and also enable *"Set password through link"*.
+
+### Method 4 ("My Account" Reset)
+
+* Enable all of the settings listed above.
+* Enable the *User Page* feature.
+* Ensure *Use Jellyfin for Authentication* in *General* is enabled.
+
+* **Note**: Despite enabling the above features, jfa-go **does not need access** to the Jellyfin config directory if you only want this method to be used. You can point the directory to wherever, it doesn't matter.
diff --git a/content/docs/pwr/pwr-pros-cons.html b/content/docs/pwr/pwr-pros-cons.html
new file mode 100644
index 0000000..5c96cdc
--- /dev/null
+++ b/content/docs/pwr/pwr-pros-cons.html
@@ -0,0 +1,95 @@
+<table>
+    <tbody>
+        <tr>
+            <th>Methods</th>
+            <th>Pros</th>
+            <th>Cons</th>
+        </tr>
+        <tr>
+            <td>PIN Reset</td>
+            <td>
+                <ul>
+                    <li>Initiated through Jellyfin</li>
+                </ul>
+            </td>
+            <td>
+                <ul>
+                    <li>
+                        Can confuse user
+                        <ul>
+                            <li>Jellyfin doesn't tell you to check email/discord/telegram/matrix for a message with a PIN.</li>
+                        </ul>
+                    </li>
+                    <li>
+                        No way to enforce password requirements
+                        <ul>
+                            <li>User's password is set to the PIN, user must set their new password through Jellyfin.</li>
+                        </ul>
+                    </li>
+                    <li>Ombi Password will not change (if enabled)</li>
+                </ul>
+            </td>
+        </tr>
+        <tr>
+            <td>Link Reset</td>
+            <td>
+                <ul>
+                    <li>User doesn't have to keep Jellyfin's Password Reset page open</li>
+                    <li>User doesn't have to type anything</li>
+                    <li>Reminds user to change their password after it resets to the PIN code</li>
+                    <li>Automatically changes password to PIN on Ombi</li>
+                </ul>
+            </td>
+            <td>
+                <ul>
+                    <li>Same as above</li>
+                    <li>User will also have to manually change their Ombi password from the PIN</li>
+                </ul>
+            </td>
+        </tr>
+        <tr>
+            <td>Internal Reset</td>
+            <td>
+                <ul>
+                    <li>
+                        Enforces password requirements
+                        <ul>
+                            <li>Users are shown a page similar to the "Create Account" form</li>
+                        </ul>
+                    </li>
+                    <li>New password is also applied to Ombi</li>
+                </ul>
+            </td>
+            <td>
+                <ul>
+                    <li>Can confuse user in the same way as the above</li>
+                </ul>
+            </td>
+        </tr>
+        <tr>
+            <td>"My Account" Reset</td>
+            <td>
+                <ul>
+                    <li>Performed in the same place as other account management tasks</li>
+                    <li>
+                        Explains itself better than other methods
+                        <ul>
+                            <li>The page tells the user to check their inbox for a link</lu>
+                        </ul>
+                    </li>
+                </ul>
+            </td>
+            <td>
+                <ul>
+                    <li>
+                        "My Account" page may not be familiar to user
+                        <ul>
+                            <li>For this feature to be used, users must know the "My Account" page exists</li>
+                            <li>The page is already referenced on the signup form, but mentioning it on your Jellyfin instance or app portal might be a good idea.</li>
+                        </ul>
+                    </li>
+                </ul>
+            </td>
+        </tr>
+    </tbody>
+</table>
diff --git a/content/docs/password-resets.md b/content/docs/pwr/remote-network.md
similarity index 97%
rename from content/docs/password-resets.md
rename to content/docs/pwr/remote-network.md
index 988fc2d..69773b3 100644
--- a/content/docs/password-resets.md
+++ b/content/docs/pwr/remote-network.md
@@ -14,7 +14,7 @@ If you're using a reverse proxy, Jellyfin knows the real IP of a user through th
 
 ***Example NGINX config***
 ```nginx
-    # add to your \`server {\` section
+    # add to your `server { ... }` block
 
     # rest of jellyfin config
 
diff --git a/content/menu/index.md b/content/menu/index.md
index 41445a6..1ed3fdf 100644
--- a/content/menu/index.md
+++ b/content/menu/index.md
@@ -17,7 +17,8 @@ headless = true
   - [Docker]({{< relref "/docs/build/docker" >}})
 - [Development]({{< relref "/docs/dev" >}})
   - [Web API Docs](https://api.jfa-go.com)
-- [Password Resets outside local network]({{< relref "/docs/password-resets" >}})
+- [Password Resets]({{< relref "/docs/pwr/" >}})
+  - [Password Resets outside local network]({{< relref "/docs/pwr/remote-network" >}})
 - [Reverse Proxying]({{< relref "/docs/reverse-proxy" >}})
 - [TLS Setup]({{< relref "/docs/tls" >}})
 - [Translation]({{< relref "/docs/translation" >}})
diff --git a/layouts/shortcodes/include-html.html b/layouts/shortcodes/include-html.html
new file mode 100644
index 0000000..fb8712b
--- /dev/null
+++ b/layouts/shortcodes/include-html.html
@@ -0,0 +1,2 @@
+{{ $file := .Get 0 }}
+{{ $file | readFile | safeHTML }}
diff --git a/static/pwr-directory.png b/static/pwr-directory.png
new file mode 100644
index 0000000000000000000000000000000000000000..f816f0a6ece46cbde4ac8c69fe974a0d0173d2cd
GIT binary patch
literal 18628
zcmb`v2{e{%+dt}Q6roTgm5?b#k|{&ROqmiHB0`dxOc^RuLNX-@nUaJgBr}<lkj!Kb
z$&`88zw3SW+UwhUec$@l`mg;w&-<pkd${iNI?m(xO=kgWDi<lp7|2LSNGKHKWi;?>
z7XCLvx(ok*LOs<BzcAg9*SJJN;>Jcoa?gi^WEBtH`$a->hnIw8;yMY5$TJcWI@=eY
z)J5?JyNs1C%8+ak|Gq3v4aXz99ThIg?jGB-hk}Mo+$O4ogydqff{di5OV?DftL3%M
z$iB70c~Sc~o-qYl*++?NiYW=24E5(a?9R7MEg$-|BQ}|a$wl&sKZ$E?gVNB>Jz>^6
z%pF<G`S-EhAIiJtea-ZW4p*UEW1_rbvQX3T30I!!3v*wG)}+O|Sp&H!QmAFyR!9_w
zi^pDwy_o);v!r|5ODQxeD(VUctqk-2FJ@=6uLdczc{iK0G6Wm*Gwkt|;-Do9l4BWn
zWbiJ(AQCH=p+!UKub!sKO1+0VU<dVIH!;POFikFBt@IPLWXGke!=>;fqnyt7WWIx;
zs#+YhCOMr`*4{xj9DLDx>uZjmW}?xq&XY>hOzioiSo>u5<CD6RH)^EVvVx9~M;Gxq
zahuH5cVz#cK6vy{r{!Yw!!b{`+LL#xSL0)S78bsm@R{&MPi3~W?@G~7Ffux>m42r%
z{ejzg@+PyKh{#C0-yLT@=uY`HWf_*LczH>L6t)g2NOF0l@8*hW)G#z`y1#w5T6&ua
z-ytn+?L!O<#wI2{nq0XVcf49^&2s32<u+#}Hfwr{T*H_8?oy@LuT_^?9dSJyy?10}
z#C@r-Kc%RM(ZBMz=U=xCI*~t;EOS~l?ve9Y)0<ykl$+&P2|rgH_L$0TuWf3o8Fzf|
zwdJ|FP`cUvLhSA$x!_{M#GI*3Y(`08za3SD_SD4`jeyqi&nA3g@7`t|?iQI-ysD!!
za8Y7)|K-b<2mNmH9m=k|oT6dG&!El~=~HQ>krqL}{|eUuGT#R#d;!hoGD*$*$b98f
zTR9>Xxet=x>-gu?l=-gDjl409c!W8Ww9Z5$V$!}q=<XtSWo0F5LL==vo%~xhju{ux
z^{M{NQw<Fb&l=4<XS|QiOr&SoZ>-)qc<`Va2d#Oo?%rM7J1w>JmAEb@s9ooa{$`Pj
zDoJeqwd*}z@!jGaYRg6Ru|}Fqibkk1+s?Z07P-H6?_mh`vlLL`ilpA)2tCb6+24JC
zt<X~w3!bCXGS1Hyz9&-g#AEgJwr9$0%{EQ-AAUtMWqrSurm6Tu`%`vRRaMdYT!ZG7
zD+!uh(Xp{3#Y=rREG)?GZQo6)rm6XPeO(mGe4HV8u77LIi#=9l9v9ux(jvtdJ^VHH
z{O2J%d`9VNTNajtmX_A`Pmi$0?c1pDkG<Ak<0YDEYe}zMx#GUH)}Q+3%_FbBA)EW}
zU$_^)wLTUU5@NIR=8Fkma_g;a_epwtdl|*u>HRD3cTc^_&5evQaNC35D5e<O+lS@%
zd&Z=soWMO#Rf#p8?koP~D58-@+n!}Ow!SidmHVK9=ZYx<1H%qi9{rE^`lrW!cjm13
z_HP`SpP$E5`&@=7UZ}8d4SB6o;iI(DBd5K#)_MvY{F@}UUOak4M!cMhi;Lvh^XG%a
z0$5v9-b=a|Vw|fxyS7pEw?%1r!*g@gW^-3g=a>A_4J$nNp$zlhy?aR$Z3N@?%yH3@
zX>uK~$kpA)6033}zk4NIVuc1<`<VO8KjV(i!`W5mQoUAF*W0&N4Rx+wefj$J!*)Zj
z*x6Y->;96)-@mzMU0zIkOy6Y`w)eqzJsjV3QBUtMyUL57Eh$R4kLW92>os1=*4C%T
zn&R1yhB*BFrM~%Bbt__P&Tx~w{Q8sTX7xAe=>?AC)JjUY+RamAKPTxdxFR35v}hP-
z)2FAWqYt5k!o$Pe|2ALjuoT$*6|(uzoWDNA^Dj$Rceg8ckjvUszFlE2?ZJc80W#Q|
zFGTJ<lJ=*ZZH?cIP~(tMP}mbH?<3DDrKCh&TwMI+>({XO_@?Hhi`ku)?yKXe`lX(+
zgM-GDj6!9>hXrfv>IULBTfG#yA_sAk@bLz2<0m%jBv#nhSK_yX#p6S8Z7Q)MRUIAl
zf;N37PEH4NbsHtt{kNX<^yv4wjvWcBW4(6m+DHA<;w!`9Q?D8q!v$j+jkB*V4^Vm4
zc6BjeQ{oHg*%bRWj3j>g^n7di*cOZPpPqlNySY90TAJQG5*r&^H2?KHmJoYux_IfR
zc9y{jbR`XqiUeu@<)7YE%OgBq3T)v<E-ufm6*>j*O-@eUvbG*=+FEZaup8P%a^uF0
z^);`pX<_$eUWv`wkV8k0j{a&+a&&e+D=5hRiX&#yMj%Gm_9scRdBmGHT%SIDT3#Ls
z(b3hFN>H<%{Bg?7%?-`(wI-LYo}OKSzBxYwt^_TAWyN)Mbyc1%JdrWHPDUiw43}J2
zr;vHA&`&W%Dytpueo<O_d+ElM%`J2D>sD42AvMxic<ht!KYmb?`96E`BDuIYHZhTT
z^LNu`(7=EZNsqPQ)?)vrURPJwN85pIot6h<Rcg9zN-wFZQbjBKEiO7S96r3#P`a)p
zzV`bpiRe+PyNka&t-DB?NL&Z{PCA>K`d;UKD3!o;FfddlmGk7u8+Yy;$nOqTOxgD5
zPF(vW(TUMNr4p_i8Qn+4MJS%YXQZ|U7-ZdacYk3i5U87BcIQrHXQz((EB;3c$vbA&
zHqZ#LUA~#~51x97)}<2@+Gv*DJ@rD|<GG9ISKLL3jd9hLzpbhYDH>QNr>U+g42*YI
zxlu9CpFe*V7blmd+0xs4>BbEfuQ_(FisfaYsMFUH^Yf$RSu1S3*7OvWlvcF2CJfK;
z@|N9<_o)8%Z69t%dATIY+D;_)cVBT#Lc(!;TU3J(BPII8vuDqk==W+E7^pDqyKZNv
z{^5?DUFZd-3$CsOSINILHU``Zl}dQ|^5s1l=HnAwjnl;j(|LOLe;#7W!s5`9&5p*{
z@CgfZlCqpKNxt#p7>@_f@n~i1t1^~%g8o|c>o01#Jd4~|z0H04^j!aDw^!xlLYO@3
z!<wPNqR~;a%}$B6o2Z}p*_vZCAvI^{_ZmA!jy_#jSYQ-!d?>LwBr&?WFuC5ewIUIX
ze#Emm$YXx%RziAupw}$V=FaJowbP}`RXp?z41>$FL;UB?sT&x4RrQ>sDKg+8+GBg>
zwTP!r=gM~<v%Fd+Mmo8sZZWT=<$u$(d{J45^XJh$KekA|eED)c`zpuj(`>OS;VP+h
z4Gk<367kW|(Q8hL{nKbLL-qwE@+lga&Sd1|RcCT?a(*qi)z{a5&W%-J$I!qVJW)xl
zvM@~3468HAW6j3G#H!@He_t^%!8PmRE`1pH4lQK;Z>q$|+(^S-3W|XFpK;9+48gdU
zjfNX-hO=MKPunif7}+~GsB_T1&CHzZycr)b-bl_<bg$Er*bizPpR;e&V2@x{<h*-#
zuYGc4xGo%nQch0p-rdWm{3|7mj1tUm1CvntdlOfm*Dy5uvdx0?)TsmH8mX-cDk@){
zT6en0$r+4a$y=G<-1L;YcyXni%Cl^3x>OaNsfy0<^Vq!IP&LKuC%w{DZLUa{Vgqc#
z>du^-0W!?oJUlsfm#p!{i8@SB;}sSCGS!{GQYo=6Z7FaVWp<<H@%~`B0{am%67hJd
zNX4o^o)URO!(*+jt;_BuJVkqwMc%S!?8s^ltTG<x$i9Jv`_|DRf91*n01oseU0vPR
zX=z4IPEVEDq*3AqSyATvirU(A_(tdvA9PP0IB<ZQo14_3>+fIwRMq%V45-TKCET?`
zjEuwn66?qFt$U4c-P!|ihJ9Z1_{b3PAl+$wlAnLaTT#u;-Q6cAic5|iAlpepLlYDf
zG*f-p<~lDu7S_?piEMtzNjjx{aw~r7?Y%1Fa&!Kc)>dgD#y;LFsMw&#kHf;lrElJ3
zM}4}89`#%wI)>KdFO^U>VEd%b<g+ob3Vy}ptT5+)Z__W1@jvTUOakPS2|UOgdfm~H
zHl|Sy?+_duyu(}aKksnvoG-eFl~u3_p8_TwAcC^8^1Gs<A|qYn{BFR9zkmNeRCgA8
z8WjZ`_Pe(*>eD9?)OQq*Asa2(86lyEz1FGN5x{ugzJ0sEN<A<pu_cTuCGaR}3e7ex
zBf}J{N<fDTOiaIjvV{i(((&*~NKjp14lNsZe57umOA_+<u?A31iO1UO^z<8e`qoD2
zmSA9DAexW8y}djubx(<hUWeDvtPqxNcx<e-xmnWHRTx9Y$k_NnL4mN@&71jm{-nR_
zp6a%EcbO~lb=w5RuBC;mHu~Bew0a_(tTmOZ^Jk-jcxROSR=wtJHYtvV_?K=@miGPJ
z!5gh?Xshv%a`lL0@_RwmE1Fzwbd0-VCVASn{}JAuETAB_)kqn%aOd0P0(M`^_+L6k
za*h5B=Qvy)KSS`dqn2$UWxFo!v78!y@-_Sgt;UgL!I9NTo85UHUAQNCjM=R6EaMXs
zZ<g<FWXITqIV#_|a}FIlzG?S`n>SP6bt?7=*6n|vmzOt^d!NU>^iY_?NW(;YqnY6M
zV;%dJ_J!0`G21vCNo?k5Hg{~8&YLK-6eu+H5`TScn$ADlQ>Aos`sP2~Dh59j48%g_
z-0ID8h+a#>uCgychQwBgQNP4JI$b-<+Vw`MVy9v5X2@FaM#&ae``wl?kJygITb1oQ
zlbYpk-QuM5-|j0_J~zjQJNVf+`{tZnt&5{*{%|j2KyK$=_8VhE(a!|jk30!jT_1|J
z(*W&x{eQ}E{wqNmj6Ob{^QvL(ZQI3ay4l<(+AU*l5kn3R4s~^Po%Vr`KM2pLXYL_A
zS5<Sr${6#21ideB%q#lf)X;Yuv19>pC6{OZOX+!Q=|4|ed4LT8Vn04AR^L~Aw=?%P
z9X9UkHVc#@I@A91Mk&D$C!Gb#iZA)xxpU`*u!A31U-wiWljL)tD2%*^RmRwk*86to
zWKF!^Ty0@1$85)L($UwaO*}ps>GH#it&I}^C|7r7F~9VZiVCHxt1B1+S_sA~y3MI3
zj60y{XXE4J6jpuue^!qi)ev(OIRYeEHn{*$SMtqJuT6*RZo0tRQi+(gTPIJvY&2E4
zV=u&*C?3-g86k$!AOH2MgUR51L0`<3>G<!`tC2?!-Ae!a`SXq=M~(pEf9vj65{OC3
z%%lV$0dT@L05+7A{0CD34FY7Q)`Sn`N_kZDA>e?q@iyQaQ_~XxG7o@v0e(R1lvP#9
zJ^0X{Wo36Js69lVo132p^2Bt;6Nqj6^l4(VIkq2G6!YN>LoiCdy1E*VXliL0=X74x
z)4O46Dogr^Ur-RU>ert?av()@CLElcAS;O)X|FRgtFQC&o;z2C`rnt9j&5-4R)8{F
zCE!D|Ic-#fEWq^9kc;1Qlapm0{#2-NLlb)Y_U%4O|LC|lGgH%@m@c?HAZIC_FC+Fw
zy!1d^tfBI1`uafzSr?O<A9_Bm1@*tEqjLxV`~nlvJdLy8VNR)}CcS(2q^e5xARQgB
zF#s$`($LV*hrGO&=H~LMK)Psvx3_PVITp|m@%=bCIm-uZNsG_!5f&DXh>8jnc&^L_
z#$uMEGc%%Y^7@Z|7PkoItPfX^V#;7rh`3a0>ud!%4=y(C%^PMOo{-$!bD(4FJA}|A
z%dhW?RRMvBQIi&Rontl2i3ZRnBO@c-u}xD`llSadX>>3wviqc7zf^|SWj(#X%7K?D
zDLX+sFnEBHf`Wr*Ta<V}33rYY<f&rd9lhi^1`3QHworLn5dN0&58o8iGc#X(_z-db
z{y!M@C|{vi70|1cloZgf-GNn7z^_S3Ny!?V+y@){1jfe3&Yn9bd+8Dd$`+MAxZoxX
zmJE&p;8-(sJW?^C*<8qen3T+S8wSSZ%QV*cF*!GzjCtwJt*zN271g!0<Zj<i=QzKQ
zbY^4PD_)aJ7X1uwhRX%01c({RZ8wn4&<dAlt!-=^S!g$8M=fZjqXkkgRZKYrQlvLF
zHUiV2$WBKE0y5V(G;|g^XT1&tw20I;ki=?eY55ssjs3{b121Ky+?`dj`sSmAT+;sZ
zw))AeQUb7IAAB}GbNtiBl^L1QqRElR$^B4(R;Fyc8X`|>gZCsPB;0@ho{ttFUA01N
z|6_~^AQqo(jQ|}@HOIV^uUu){wXzJ>jvGNju;-7!50R0PK2pcAlDzbLr3wY2mEV8*
z^hhpAGDTxxer0*4k_x*z0d=*y>c+;#=CZZ1bm;KmZl>fj5)w^czU)PP9UlDzF#s?>
zp~XN`)2GgaI;&#A>ZzPtiUz0koAT?|U0n|q8>lkvV+xfgA(aeo5?>3V5?{Ws?<00I
zfW1Lh>ihR|<fbu=W<P%X5QyL$skSZ9$9MHyX)q+a^%fLdeEH}0gt}L192j_L1}~e<
zvD?w*uzvw%2(BI)y5DKK?-cE6axyX?8%fZh&2`sIgJLdzc1T#JrlyDgr~>H7C52*L
zPV0Xxo0*x})%Y>%L6+64Sb5gZJ+yx~_pNSt`uX|M)6?&JuP|Bln{}2F8xH&Sk<X;_
zX7!LAsO&E9f6!U@qD}CjC=)(j-V03oe)`fG{G4x+=w~VcEb}G#ko+>Kb^P17<KeIZ
zOHX>irsFrV=|Mfa^KBfay3QqV78Nvt8s+5)fTVnMnqtVv$Y2du5MQ5>wy>~p8Bd8K
z^{)hGd$_yOoc~eA3c6TZ+ZBMw@ySURFoF7$Sw9!t3Ov>Xv@`W_tM=qBH7bfjT;Z6N
z-*}goCnpli7Ogxuzw+_!(&>$j4QvJjuZ=t6Tk8(%o~15N?uZ=0Epri7;iXSbP4z!4
zXnkEE#y9VsL011e4i#4F!+%1OM`;49WVR&Igr{i^xt_SxtH!Z|iB{`<CpWaFU-qX?
zoyrF60&hA&$`UM+eRXe0P35m&9AjT&hiXGvdOqDzdd<TYu7EoVkOrU_&~9)y7+=`B
z=VSTz@3d)}kJ8dOXS-g+#jza?p@F!?N-ecO{7C6fd@q&MaBV}6NI+m7QJ34dZ%duJ
zD8kN2>98_qnh>j{u73RJ*G4M?Jw0GjtTX|mKpImt>M+rW9z4B7E*Sx6i|?0|<n1u_
z^~{+w<+10T=@}W5Gct(lfKCEFM{QcDe;R7rGY2J8MXG*i0t2?sN|%;4kNQ&{VUASX
zPv)z}75R5*2^>QTU=kZSaUGx#nh^S3NR2njduwy!!Mm`DC*4!kL$ids*7E&3>%>b4
zTXAul6&pHwdNdBR&@Y4-J(-6+j6YF`#8T$!p8D`snT-bD3}uXK!4JkeV-!=+Eu{qH
z8BAG1NiA}pzj(ojmPfx6og@3IvOe1XPe+lehfKwr$ue9{g|U&52cQ7yW;}HfElHpZ
zE74X^2)N3-xUgUcfe$>HA$S*d9tUlO316r@E5<d74EnED`jw*hCn_whb5v4Ur~^ow
zX*dr(>a@h<dRP_xmqe-VItYMgX}k#^XBX%AGFx~Zh3Um4bzDV)n*3h}4qEDTw_<~k
z)^S$q04#!R7_GvkJ^*uhR$M-Y@LR3)Zw~_Hk~*fGa1r+}kmPg*RT&?rCCmQwiR+Ik
zKf?hAGmQe>45!KsohAzJawhrpFHh(M$fRr**4)lEj<(OPHs!6}^%#A@bAGg;-oVDX
z9<t8NKqcmK#Q^Uyuk~3!&a%<@JU|L3(btVs6W;z)F$?Y8Z+c@wdflgZ(%VOyj(&gK
zc*pabSkJ_AO}Rt*v-vW=EtN}l8%47^4%D^F_M-WZgsG$iVorq0KiofH^l**!VldCi
zA@!^+R*Eeuy}tHdDk|@rY<Wh7GaQ0tCVUWQOYNf#N1e{aH2!k@bn#7Tn}vrt-IR7f
z`;)JcZza2f*%kX56@>B>{WeU;6^<?H#x!--kE}4Y|B7m}nZFqpa1#<DhOsrTQigMr
z_?HD*vYo(WSGk{_>L%!fq+~f=X5p2166SMH@zy_uu|@s-b~%dlM)gHyOjz?Xq-AA+
z_ozWYxN;?ucTcA3`#IC4b%os`VxhOZBifY}e>dZOxFVTD<-hgxC^Lt?OikS#EGMn5
zzCYil|5bAGj=-u1O=C&#-&2Rzea3FZI0mmp<GchU1=SMTqT01<mw=l<2+uqJQPa~q
zsZ|C6I7ZNB+qagM3T%+v++0jtOcvY1UdRAg7F77q;#9YB^N+5sM_TDASy>@yEjMl?
zT|LqdeH}RM?%nfR=?9`3Ai6y>&&N|BwLW;T4PWmnU}j%FRGn9^UO{gF4+IlCbm))~
zSejs;i#H?`@zq}}b8~Z;2|Kp^W8M4d#L);0BRul1(-KU%703`53><|y_NlP2>e03L
zUGk>gQ%-E`?1zpVNhv6ZhCT>{2xWm#_D7&@?xms%kB<+jGcoq`JQ`S4QC3ERUDVa3
z3uW{Y@D~LI1>X7wUo?RXN;em>e2cGIczJq?W0BAeE@P3bt^aJF++cmhsA@7Csm!yR
zlCjKEz+vX6B!-f($14BHlP4j&8Mx2NDk>`CtNrux!w1bEJ_5{O%iT4?ieG%pSUxtt
zfA22N)2BzFF+llWobGRe5b*2w@8q<!06^4<iHX;*U%!0&HmJH<4icNWg#|N|SSa3)
z9z7DeGeHX$6H=37#QNmR1;~~liw<+c3R+rPz#=I*IpI&A9>o1^tf<&_Fwj)mdKj$_
z$o*M#^l@}k=(#{>xCg_~bO;iQ2LJ$Z=`TcGsnMj|H^V5pCKrGokB701j*K)zgLiN^
z3y8F_wgf4ma(1XjA+;6i#hI2gO|IuLG1<Bq1Q)2NkOGSqcKS^ZfKfD4K@Q0Ipd1Lm
z2bi(CrUsOOAR}mtBC)TMlD5aH_=D^e7hf~^tZ!gY4cb8I4;5Vb(j|3GO&Ne)Xod;6
zlMwk9|MV((cx*_wtwlR%0E8v9S=_R*q2pVGzKKa@J3o2}B-%&JIj7SUa?WIX7Mk}1
zNC#u{pz!hlZ|Iz;h|nw7-fLq-p`>IXop^hD^9u;Hbad1LtDiV=0%CRO2s-Y&PoL@m
zuw*i?LFz!E;UD-SXmRq%?X9hqGc)fVX44-&oK#pCGcYhfQE&|C4t~>Mb?{*jlSg1S
zQ&S_5*4}1hsO#%13o*XR&yR|WJ33&ctD|EC%^w@o%IXvVCA!;yh2Pzz@!mpbpe~d~
zf>wILoyn)9)?JKooF`N;{gW`RWtb(o4-Nr%gOr5D#3%_dveEB_#GuL-O}lY)@2;v!
z?hV7MSLHcq2PfLnQR+0LJ7k!p0`7qWL0Pef>||zUhN^;gc9xfSCS}1>qt%~X&fpfm
zFpxVW2kuj+5;W2{cz9|?>;ry35r_%K{R}Ok-Dhny4mSoWQza}Gl<)DFMgZzV08E>9
z<D$@^@Gw3F7skiW{~6R8z5pRQZmvxaEv;4cC{KubmzO~VpK&W@W_e7zn%}p&5B1N@
zo&515Q8WW&k#bXEVbrrED45w@?{qUNhS*Lx>r7Kd4T^D{Jc-t@-+ExdRB815_)Sa8
zAP{}R7jku7@!PHNCfv~@?JYo7Ykz+eJ_HQ{?QQ?|;|qoSJD>c47G?y71&ROwTu@L@
zR=hKP_~X61(T}l}1a_$ZV`w{WlerYmJWZoydLlFlO$yr0qlalferN%cL&P^VGxIAd
z5(Pc3GvNb1`#Hbjqo@Aq9}HAwF;q3~nj~anC~cs5Ahl=!5P-3r;8<Z_VWgs|0=aQ=
zaltuYfKHBm35f_$Xkbh=wUtmi8yc{opy58+Z4E~Z_AOiZ0PZ!osm7HnvQW10Xh;o9
zkpUPF3YI#siU4`%&Yk=I{X4I?_*b+tftX9I^Ld??$|@>hDyf(nHB(OLW#9-#(8;0q
zOM?6;@zO(s9IzFFS`Kah(YppPDu4sU6zam>uRT4CfGPRimxLIrt@Cq=ij*Ok$;!%N
zL)tC<xdv+pkQ)9JUU2s8S;zrE43{olg6)Mb44cOIjJZHeGz4!R9;(#VI>@s?IK+6t
z768Y>N)VuvFB*WsP<NU~>E*n<_h`7i2Dmsu;pLJBdY$_Zm^{_W)7TL?{Qg?}>MaMq
zLv{B7s{){CD?H7NRA#Fp{p9&)_ro&!v=?AyaIjM}tVn6Y>YK+M^?t}Q6vM28I~JrF
zqy1yDJ7@DMXNzKnR-k=K|37wLS6{NGtuOR(aE2H0Co10On~ddZxznDnzG~?p@kWyi
zLKlbXn-Hml3+Zi-=2M!0n4^{DJ|9ssEt~Fl4<k2tq<FW(O@d~)(JY5pJre8EelNqQ
zkqz;}{yWoSo*o@;V!xJaG8(iq#)d==#`(|;dA7Us++Dbnx70B6`NrYvYhpZnC5K!R
zRUXAY`#h|0>S$bBY;}`GaomnLrKK6I!xZ_eUqI}grwy`Ir#x#UYSUBII6%@2b^At}
zj@8gCb9liw#u)4<zPt2P{d&{(JTbe)a6gSSRzX3!@H*Bnss{sQJM2?@clLC1xD0;Y
z(_@|AVF!f{Z!$bG0-B8?hKrdUdRcdeZibdoe#YCk#2~<J1<C?}2mH+b7TPDLVd>L4
zPD`$u)5&do3!)@ud13GAgZDt9;h7C6!1l!(2AB(d%)g4VGnT|h*owr$-c^SY51b*F
zG#g;)=Kgd>UpA7HmW=Y4xH38^7|{6mtzElzE%z;z`1eoOnB|-i5vd1N<(5ldUw6mT
zf*Q?|N=xHWnO|QBvuOR;zJ2@m_V#(W47Q_R4uROw@fZw4Z+;=+6$dc<=FOXqoSRht
z`mc`}g_$j1Ly;y3=)KI$)B30Bh@qUT3yWA4k^@u^xQXarx2&vy0{1~scbR3Lnwr85
zCAbsVv6Yn-KrBB4MZCx2As~dWUsdp-&{8o~92S4;7%72+Bo!6Cz;O0lNH^>iteH{y
z>~PlViGWSshYz;1gR%tI#6+)cXsEo-I|H*}wvIg>DC^V<mX?Fb{p+KG`o(UM6B8B~
zp3Ua`>+53@H!Un4;SI5+Ab(>=pmpE}W+iul7*lKO$50RmksG!gT>bUmHzimYg5Se0
zn61y#&4BVg`$NxW4|#Cq0AWa~im&)!o`3=!>2sSr_1oz@zSHln+(2@=(=&exr;Yid
zJMwLgiN~vcv@87d39cdJC{pL#Hj9y1=e~rjEGlTE@QUNz=jzUe&#Wp86fn4+(90Um
z^1myfcB}C5@FCr4-N=&gha8>UNzJd9zf3tf{4DziVu4zk=I{Q}c)fh<J>3hdzs?5B
zRd#hf?^w(cFH-NCpbeJ8POezw+}Q{UH0y!kW#q51*XP4oAzCtmzpQ&o04$lgx<>o@
z?tGP+TJ@KSA^4G%dYy^A_o+44a)+~o0}fCD6kD`B7)Utg7+eEOYl1;SlQxMT0<W%$
zVZsRr_;p&2!gmMuwny&*EJXh`#_&M(VLn%78s5^*M4`dggp7b15_0~-h%pcMXrm-2
zQW0)tWr4#O+UNd0fm@sBVfaD1cUc*U!u|TYu#o-X!{_nVRAJ9`A>bSIa%@T@GoWC=
zhV|*zN@|86h^Wm71S<UJkKPN2$y2gCm{-T=VYRgG+O><diu>O*gfE{G;JS6b9=Frz
z*jQBs8yqqy7TL$`JUtCwmt!hoc7w?gBNp$fk(P|=3kcYAW{xXT5o&^u#U&V1Koi7L
zI2FqFmdwXaKT%A9lXNi2)Xwe<q(!)1(5GZAabMq(%0?L9tf{VsSOLY51h);%7lPeS
zTcN9vRy;l9F!1cIjZ*-Z3(E6}QMqK+k{@oAoAkE&;m?;DFCgz_(`U)CQM^*LP|h=X
zT!)vHylQnW#Vr<AE2JCiz9LSa1%dNU0`Y|fr<ZQ`Z+z7;+>F|@^N)<E^RUNLBfe;a
zI3T}IW!5{~AG=NcH%OY=wDXoh?ac#xuJOz!E#f+&hT%+y`Z;QcBeQQD57(}K?5k{W
z==?!GSJU5D|Jw&e&&~DO7`BIh`U4)g*pnK(Q2)qKYqRprE%Ev#)pQS4a@8s^?mfEl
z<%1eOUSu$Aa-7yw;Fp0YaqsrH4X28>#x<YdZA`X2vbRx|cgsu2j+%9se&|k0Oq6;^
zY8|O>;z8-Z03(Gt=c}2#F>~3jgr}){Zk1l=XYk<a4lY@wcm~5Grm>ocuf)H4#fFr`
z?20>fmV3egMl~Eb1Z=jS=Zq<i;#&aGd0A2t2d*cTun!6$gpVs6JOcduyeM5vLWoOD
z`$*BAU|14`&JkHpp=%oQJVw&uhODfwy!rbp9s@_qi8x8Z#)zYcEZet*jVq8XVJtt~
z`LyCF)iH7I#X_sorKs>ILr?g-3~;ZZd^7hgdu}Yfoc`n7qg5kcs8+I&VFTGuV0dZy
z(~PE^0Z2alL-c|DI+oxbC~9;=lnBt<dik;Sf3WlPi(K{tq(F2<Z~eQtsG+aV?X=U`
z*_meVE?=po!s!yF+qX|bO&J7=W)2t_sPre21<>!I%cEX@O;6LY6akqn{pp1Uo%7*?
z48S<0zc)Y^3HA@-NT^FlCDPK;faG`u=t?qX0)kOh#``-@^m}c2PzU&YtcF7h(_+WV
z<YXU^9Ca^F`jS_#<V@-cps!)nIEsL>oi22qmP>E5Ut6?-gmXHI98d>JeaEAS#=ZuZ
zf{!0-Q<S2X|2UT_0g{uGlcQyXHJSl~AH4UCrNm+EvHX=7;EvH|`1}M_Lr@8w^H=6n
zSFTb|dUp01L><n=G~)hZl|cG{1~s&_*i7O|tmnidg|k@W@{tq+g9)rN8T^(YEv2;h
zIe-SR4+9st8;$U5oR|_o9_(~SM@M+JwFFpp5gj~N8t0>-6_02@-aY?HBSJ=l)&;xE
z@Ecbv5?Kpwko^hC`S}Nguly^^(=MleKFGk?{|9C^sjrmdojZHV%Rn7isf~bQkzk2F
zd-Jp7@R#Vb%z<NW!Fqtj5XpUgeHkS@UyO{HqBDY4v7`MUV1i6T+UwV45VMB^%yJIp
zcQ?Xq!Xq6oV_vmcz-=fiP7VnBWQNuQA^&h@lwyjI+g}bi2}Q0V=g$-T7T@zje*R@(
z*lX90fGrc07W@`d`a#3UAjBO_ZS5h5^PcM;)#^UzW~h2=sD>2T+FTw6A47l$5ZXBV
z*|)IBT8{A_48d}t5jxan4Q4r@<K#OX#{Co&7O;rKnDS#cNYmuw<EvO-FRINgJPP#`
z7QEZtyL)zd1E;88x#HVqalqJ7Luwjh{6<cvk4B;l8>ik#eLWeNEqnpY3(z+ti;jfX
z`81lb#597A>VU4<+1XW|^l)?2mH(v6eeh@Bq>HWX6FBFn7LnM;np{;se=-66qW1=T
zCuy0*R!0Sq758ArVLi`8D__mfg6i>k0ZKBSN56L$I1Mff02)gyyKNq0A9<RcJ9px1
zIe@6Siys5dmq}8`#QzE_9=a&B7<)u~daRc&$J~}UFsEn{2tWeXMUif$5Ueic=~<#i
zehh)3N-Bxu{Cv8Psfr)t?zOlt(3LLlB(#h@JGL?JkB>Mj6w^4jG8Rt=Aq^v|6^trf
zeMy>J3ar%Ntr#-P>+?-3NEIO=BjtUZelLL1`1JIcH<kExcXxN`-ubz?&t{5I4JYKP
z7xv5(F0!MG;AE$w@Czt<@t&(`9oa>mO08Ngx?*BtMJuB*`h`vuNzJt=TY=iz%+fym
zaP{idpRKAADIkA9K%fqAIiz0bKDXcLEeY+H<J74tI8<jWIIS#MsS^?tAAlOZP#J4|
z`MtQro#Bx%;Qep}m~0tjU>KWE-vad5+iN&>V5z_{u$rKD=vHOLRuf?Yr+e;B9S)X*
zqvykY3&oBZkBq~^_R*FW>I5}X^aAt{Uvc71fI8r<wT_zrLSg()Oim)0MAKb^fGC_=
z<G8MG-|(lOu_3BbA}&@;FP#+=y97iAibP~eAyY`oV-tS)5@hZj;qB_?#*ovg%ooi{
zzn84w+vCTSBt#4=MFXM$&;!u5iL0v)hkci&07d|Y|L>&m4=zC3_$=U6yJA9%gARfZ
zfIeMPB92N2ZET3**}k;P9|bWu>+<^T+vLp5$M|HtHFz@;P*8!e^Wjy7$HX*%g0Zl$
z7^|<}8BF_aq!<5=YG0P}tsMq76=8qvPt4vNUv6|OYPoZTt8G_K5D@+=zFUq_UqfGQ
zYx#BZ6gO+4JWBw-eO6O_N#BRm_DSD})=}XPe+!b^-|5KfaNR7vb0Y_1!NXwuc?-X3
z&f=8T>SyW*#Syv>PXrBBR}EUoo~}9+TfcJ*VT}!FTvC3M`kivT#B-|1P4_TwKHr(%
z>5pqE<{lC6OC~OFakv$!zVBi8Xxx2kUc7!G-f!oC`poymcVd=F?Z=ir9$AoK9V#7W
zSX%ot`7zsY;dxAx*SCJdo7dv_hdcagKD!BK1x?*Ay1RUasqV1_KSStIi(;Sel_jt8
z>&s3L4b1k8&wKVhF;VwI8um$ecx9Z}U6RjShFR@4@)L>elY+0i<O9Dcv$4G86py#5
zl+vuOlsxKsY`+F&zpc<0<o;wa&<dTVjIs5-cT+)uA$+{i#+cvT`Ks$4BlQP><YACf
zkDHxn(qs<pV5(&w8ej@33VFETItX7JQsrJsO8f-R`{$qDLb#Hk>4bNW8wAj4BoMRm
zBfq2yi84$mWEIe|fy4g%v34Ey*jr1USL0(s9{K%;gT1{BNek!|^cek*w)e3&z@6nK
zCGX4sEygGVYOgav1dRE1lo*@IocJzQ?O7Yo`NL>HLXN*sW--@!Yg<~vYX49IX#gz<
zqf-KF15(4*`_j}z?%GmOQ88uR^4Lez%4M&7xe%BYdK)effkZ@N0-jvRYCk!*xVW@*
zR!9i%MGaK|>R3YW?fh;u5~KsBtbaWA=C)gXc6GX9r@)Rz%SAS8ai_C!=Z3aa?ps>9
zC|l;WRZRQ7o*t_TQ&=@Q-t<3$y8jmG{g($ByJsS@uV`2u3fUc96hf*%Z*tOOU^m<`
z^~;yNkqLkY)z;Ql^XYNW-6yFOArGNo!owGMT}5K3cE11Zy*NlEnVF;C(=G$#0P}ly
zTK3rn6$LIg<K9v2QD`fI!3xj<f<QRK^m~cK5*k1HGxW~{c6|+v2S9zg*U`iN<4NBm
zjmKh{0@xsyl-T_Gn@0HT^;(u`X=Y?WF$dv@#x&Z4MP^T>=H(IG60shrHK~AU7#NtF
zNbO$7%YpU5N1w&Vv*Sa*f0qG{;VJ%0J?p{<N)<rE4(vWhy8h(J#Xf%@xugWV7c{UT
zM-kis{Q`Sm8Rl}(7rcB7Lk&OyJQ%$ZREJPL5eaiEj)U`qEl-6ofn-)YVNs$?F}%8a
zzZ}_#q9a9&9*H~zB9NhgSqB9H6yXWF3PvWBG(w!x&|s!@6u3RE$d}r(1-EKA2dRkt
zWD|TxDd%d}_91JI!T{Mvgc+k8LOqdf#o+qad~}_yq62CnMg%5GL@V9FgP%pUnHSK<
z@f@Y7)7c=n>Q6;YU0iAp^B$v)S+E^2sOMA&(N;`9kut84J{?Rx?x_2MytIAw%70@2
z7$4C8Xb&7vS5qrPP%(VXY&JA|Kd$9TNBz;mfmH$zM-(i6#!Qvz#hy$d!x~0JL?B%V
z4PcP&^J~+dV{^5IjU5)`#X<g+dBH_ZU5#M}wGD3`Za>fbgJ&?W#nYwZlU0gV$rb9d
zHO_)8i9eousN36@bSm;f+s*kC)i~hc9`+Gt6;%*k<&hSMIZ(GgIyzdy<dT1-z;?@D
zMbT{A^_)&DCG-{%+5Jd|gB&_9jC0-*@Mv4vyi0!;_i4DG)R@K3lnK%}tTC`KSq
z;TQlEwThusO)esL7%iT1du?NrV)*;GBgz*xEpmYnyP(@FG1HPE<A4uht_*D&qY>tc
z+sSMb*b^?5@DpkeG)km50H|1hJ+Xdd@;0hPbbP^0lPgkQj(NN<^H_1R4~s@3)HZLG
z)HSKFeaQ8fv|Hq2VeQtJ?RM?nU3DjUI>r7+)X7tM$ui7vEuqC37#xMnfNcSLVHv%Q
zC^L*kuvegFRY>sIBPbd^0fA~b2)8UOq+o3>ts&vY_-_<ZB(~Z(duFbIhuo-SL1BA$
zSJ(1a=aNdms{z}qtg@moSU_aqKQ$v7hfN463Z3g`-}WDUeW!<YtOO1t+>Y)%h?LI6
z1VVzyFA*IUh8tl|fCfM~6)@jx!ydO<i{ycw5F;%e9nr*2W)(fqNW)o;W{AkJjLmIq
zkWUChYM97SfaidrAtJgk+1^=vR}jSyv}E+@d0gBmVjx36M`hOez?3-P(fLH~4&)kS
zHL?89Vq;~|iga`WbTg{qCgyh&@olUYNCOGr1+iBVT!RD-3IS%L|H*L=z!HQ8!hl{_
zKn$fCkY1+#4d4iJ4fRVUOJbl!L@*ccqHW;1Gr#-PLyz&66M#_xGTY#4AtVni88Ozg
ze0&dD$A<yI5op35{53U|0-A(a@a(%N*gnIxI50ws-rZAtHwrwo@9wl1)F((3iA=&}
zkdI(!B*J}xK}KW<2q6h(aR0_1XBcdzCMG-Jykm+IHavVg#3R)%Uq%5B2$rq{%ctZX
zVVS+`tN~JlaKj8}aAxKsnLB{LxD!{CX^!B%p<xgT*z@OCuU$*Y&(|Jqh>eLMls_1W
zSaP%?umePfVEl+34D^MV7kVxyJv|WG1mR{O20FPw#6UCk3o3?(lhw}k<KAGJVr!|y
ziPm8-fl;zteEbdFlP{XcJY3}_mJ<*R*jnX<kR&g?iKC;Y$<x0uCRC$=`9tN=-vSZ%
z#8u$1#(tjJuG?9mz{-e_g1w&9&isbbv$oD;vI1cR!A->Z3Lrb6ud4<IkfMoI#jSvC
za3ISyz!Evs;n7i)A!2^z*Lk7C5)28Jow24WD>XPS&K-aPGMj3_Ijt3)m~|n-3P|2y
z6kxNfq+WiuEB^Kz5HG|8V*G~JA?Z<#A^&fr7es>Ss4FWgXz|$p5I!%Ywi1pW2@#)x
z2`Pj>{`VXZ7W$+63LnNH_|U+t3sgS{`)8mhDW)JR5b))>EziX+#Cw1&j2{<3--690
z|K+AY3_`ZZ%+54lJhnfiMi^fJ)9(Q(PMd%b56%i<)4}d#4!w}n{8EhrZ_C`I1M?SG
zh^-%LuozXkegg63`g%pgJE0!HLwTai23`apd`3{P2JN1N;D!LQh%%vEFlnnTa-nop
z!I3~~z&2c&AB)B)L{x-y2Tos&fx$u(rU{l?`IQtR<h3b^J&sX>2?o!Quuho!bpiI#
zA+Xg5a~75^Xf9R>H4L^&Se@x@tKW}st1j3<5=S3MYO_FkQZl`5&{oL&_H7y`4WKY2
zA0a<ilw~!W(;qo90#$~fuuz@BC(vUE!w=ytG(6%OwtgO4-;O&9;`-sk2clBY&mq&k
zf4_}MBO3i%L_~y;gw6T4J(N{N@u5-Rtw8rYOOL@9LhzADpde!h!~v59D+qfVVGnqh
zL^UQS;Z(!>Nwf>%9KuSI7iHPMSxF)UhtL@IET%QcCow^glHW)AaGxUQiXl$QfnEs7
zCVzQ})j@I)v|>k(o*u+XTsb{hBLFF3s;Y6ATUxRrryn2B6Gr;u`*#G~vDsx4)bIm@
z0b*Ogy~V<UtisrV#E4`!;D#(KoqN}1|J0J}Iaj$c0U%4@umPMZB3P!8HVhdEAR-9^
zDW;KVO*nCal|}C%ej_5nWlXlZwnjKd48em=g$SFm91TH&uL`9BM-5{K&6Fr!Ko}Fg
zy1_waFd`hHK%N)#kcjMm{3y?T@CMF`V4BtpC4BryAJgd9K3QdvtAXx|b6)UYA<{xr
z$6gtvU@iz-TU$f;8(X0nhXhb(PKDP@JP@R=*rukdTMrnHP67xA<sVKcB!j?DxPd4h
z<iZcKyp0fFz?u<Gf}=?D<O1<E&Ytx~<AA0Y9eoH$XQx66UrJ9c@<z;{(T*ahEhq{5
zFL0}zc(3^MIBpm29bUA<yPV>Xd^}rTmBR6214#A#D_@;m#$uh(G^vz(mY90G*EUMp
zgeNCw-}Os;xijs&x!Uw2|ML4+qQAOgB=q{Ds6@<8o}b-#!9sN-F=ErJ#cB3pRi0Z1
z>*3MC!NlK9QM0ujPD?ZG1D#>Bjb(W`W;uKD4k_ku8}An7ttwY&^(#>NW?5)PNint?
zI(S?=wkzb5wpH<E<Bgk>hD$MxnlWn@V#z~-Hxs=MikgKyvQmAWsL9n?>V>GHI_m)p
z8$!YZQUirpTbzP}dH}{gFo&KcniftrV4DZ5=y`gI@1{CRuvN5oh+RZ3CN~$yPa$*x
zSK7j>GNJ%$KTKNc`k38y0{!_u&WFHw?(7U`G`oSbGaXM;U%ev9WBsTp0V_(`Jxtgl
zoql`W-S!_p<ls~~6&}Ia2XyMDI5EJwpH794pk4u2L-LpW3ttPz#V#Po0MQ0g7jA5{
z@-7(Dkjiig#%t;qFYZQJ$+Nyspb}WB8@+E-xTiE@xY2}<pPzpQk;@n`K@cyL{`a=F
z0s8_D7z#*|;7$S%!xtxf{bGYA{023KryzL1@#@&krnnQ~b%?10Q_!W`mi9N5d+&xW
zjM)Zz7O_J_6p%QBbw&hhvabR|>=&%X(Fmk^psZoT8sQWxnkQ!3o}PKlwjVzTIsmL>
zkxT3@WE@89aWx=}m}+pX*j3|(k;Vgj*dJK+IwK<m3d(;Zz;f&S){c&c7<26G{(wpL
zu!o2xVcLfS7Pb@LIp1oX^ziUND<qB{;N-%9EpiZ#+AL)MbCQ_Ib$}vbq64fD=6!DN
z6_;*gz2G}w<l>A90yK%Gjb>*t^}vO21Q$EQI3L`!JkO@L|Hte1@b`!*1nU}sQ8>gz
z$`xA=GFHXg6VcH`$b&1=*w|RA=Q?oB0}b3G%r0O?FmxjG34sPtXC&v~*DWz*Xx+%w
zg+jx^NI7IH<g&5Q4v`BA2vS8p&f|#IKsv@n5GRge8u>&;gW4>rtn&l&ka;<C{ydQ%
z6147NLiiOJ0zDXUOhT|?uD)O|fH{HAh+dt9K+aOXS3IGh<Mu=P1soqd1s_Z2+O-q(
zdx?WY>Ih89RU$z@i@w=}V_|*>JK=TLdF63*6-FiA4Pz3+JZKT94QKywzkQ;<0=*O!
zVUXPfJHk^?MZh$JRGUAkkTHLin79oqlp62($%<trFH{?29nhPIdFy5%G=j+w^hj8s
z2;m};xw9wm!d<uqm{L_ZnAARrNx;mOh?B4=9k^e3GF}Btfm>K6mhR_x1MV6`NW=v+
zz?E<n#BG6OZn!xYh3F`@uCG`=W}V^sARRmmHFfp-|2aovCG8V6+_JHd<<$t4`ZdyN
zNzI@%@buA3vv0SbMs*Z;ZipbGkAZA-4EqQ9B#>^1`s>5&62}h)66qdLBTDjnwn9b6
zNeyt=3Bh9jW1jK=^=J~qNU&f*_Vc5$Tm%D>SnF&8Xd85+zK?hk&bP-m`IleEz5$@d
zY7lpAaA0w51L>{#0smtyU<0c+3g4X~&$ARbxy=aF7xjYO70@1wmtE%tN`Z~@0$!D)
zNMr8pb{|tBGeaQpxjB18scju0pE<zBB`_}*q7HxqqzUCj9A-pO;vfOiYkvOzm>|r5
zzu_IRN%SvpAEcR=sk_dz-^_vck>*Xn2Z(<M1G6!lY;1VEmYltI_uM5tFCs!<W>9=w
z0Te=_s5&j5YI2?E0?Hr;Fv=?F*am57zpAu!rQck8)G0AARj@VUL;(Tua1t&i=A@Lw
zf}0r9o`@)6nBoVVAtVz2#JN#a9acS11j^@`n@?9w3R&u}AC_i5A(+Z<iVPp*N*bI?
zke2p-cKJ}S+~Z>su(*>^EI1?up$jw)?a2YY>HmFb7&Z^{H=>ci+yl%+;Fm^{z2){Y
z;bvSIMuMGa8VCYHM1??xK?@ZUmrR_d!oI-N#3?33L4l-s<S`2&xx9k<i$6MTSOPd0
zWSfe!sxW>~_-5|zjOfa3>DtW}xoG1kW#F@(k9N`@8z6q+;-QQXL%q|I80ru)DhJAp
zvw6XG@CalOWDIe~am<&Mo&DktYFV5P(=T{{)7_XjIB!hmyatMd${#${io7Js3l1P;
zHgrznYinr{Z4qY+Ai5)mIM5iLIGwk>+hQ!zK(B@4aDWUbHMlmEormSQx*3D#=ty_?
ztO*?q+)uhgAZQy`BpD8=f=WW0)=CG#H2zGv%e!I&hb(*-0L=#+MPPs%Pm1*9_{lrS
z+)|HJO!+L&UDZ6{D1v30b<zK<hHZmR3|AT0aNrUE6<~<nl#A%;F!S^_3qTkMd^l$o
zW|f7(>RzpzaWF&c<hJUR_pRgn_b*)7@q9Znldw%bTK^{zPK^?XR>o0;5*+ZI4>VlI
zAsQmEA8Lzc^l#YsmlEa{jvI)?s(kP&d^e>+*5TG&uhp+qBOl+(^Z2h(UcTkR(uR|Q
zsQKM5-j6%qyzm#cIT^K_WH96zUtXMBh82YaM(C09taHAWv4*4Kebx@0XC(~|b??5F
zok!EgHIgyiZ~J@rS(ueGRm1<^f0@L8J!<v8{RI^z(TOab+%uwkc5+_dT|eh_#hs-t
z=3I9j!<X)B!R)(a`F)s+-uJe-Oe~v)3dS72)+h5f*Gq*h-?H%b{O6bYaaA*cr84In
z=xF<2ME?{FEV}S!fF!M2`sL4+XTlsz;o5Q*%cEj*p58OTEH+w6#Y+umU;f@OVc5YD
zQEJmJNZS9xIVfn1^1t=5`-N^-(nxEqUbJiay;wUo8~pc?m_jY|-(Q+!&ogutgSgyh
z_j;7?82CP|Y*RXP_MTQ+*&Fruj9VV>!x#en%wqgxc4e*@C+9q=H`~LW6SBCk_DS8^
zYu-1s>kV?}vm)qqf>Lyp%$BK~x9!a`vz>_O;O7#Z<sUHdyX?Emfb-leowQ_idss4`
znuW&vR_+MzQN=SJC#$y9t&EIM)is$(?VxT7m|EeKWSdT6B0nN5vRP|7D$z?Z7voE+
z8@bJy|I)?BkGIl0?_W+eVS4s6>!Q|*WTY?M9L49eI-8ZTBn{d8y(RQRw-qwEYdHAc
zELW19Rm$eSFXI>A=#y9Id!CFBl6#~XMY)OJQLh(UIn62s3XO)8Su<07XQM5jZY|}-
zOWbZuIBD24V?muRS7*3)*DQO>l74}X{MMhF?x(8US*y05liBqZdqlH3bD7+(WMO_*
zdtK{f_N@s0*=qB57My}<b`ud_<TU;+)4XLp+rh6Wm9{tA@t`XArBUbG9~K5^2Q>X$
z*a9Wu*tk^>9X&)`kf6IAo0P)l^ugUcwDf8x54=5*<6cBNay>I{>wBE{<<#NlJbvs?
zUwwTu5Z~TyYaaQ;*Dd|2MWCM;<q@smut*cXX>DDhE5;G+w?jx>yJk4l?wx-=Xy~*i
zbj^fSHEUR+pThQzaJ2=OG)Htwb>cu{^givPGjdwt&%P^$MRTY1Qxxc)C=#Y&j;If-
zHCbtL_AYvo#s0iroKDhOl?E5Mo#wW}rkmBZnWbsJFYzk=0`7UVO7q&4Crc&d{%Lo&
z%RE(6bu(vxHcISFr}82_Dndw2v|@~ERhez-hIHKg|MZu*ELZCsrmg!t?de()r`Mcm
zv#-Q%_zKlEX)(u0W$QYJoP}!zq9Ja-CY;)b#|3+>^ChVAXF{J~Crw=XcPDWNG1K<^
zu@K#G@}j9bc{@_<*mCuy!}t1of7$dkdiKq@XXu)^Ct=I{@8ORBBKiL>F_87Gdd?%h
z34c!d;IHsG;V666(ZtBnROE)eDSjd0<K;VhidPu_X`VSNaz;pm@7zgVUJ+j2@7IjS
z{$DS!vN5@3=K4RsAcdq$4=>>Oe?GzSmX)c4qmh;E|MxY*B4>F2{gCqOA2;zD5(QZm
KnM|qc5B@JW62>_I

literal 0
HcmV?d00001


Methods	Pros	Cons
PIN Reset	+ + Initiated through Jellyfin + +	+ + + Can confuse user + + Jellyfin doesn't tell you to check email/discord/telegram/matrix for a message with a PIN. + + + + No way to enforce password requirements + + User's password is set to the PIN, user must set their new password through Jellyfin. + + + Ombi Password will not change (if enabled) + +
Link Reset	+ + User doesn't have to keep Jellyfin's Password Reset page open + User doesn't have to type anything + Reminds user to change their password after it resets to the PIN code + Automatically changes password to PIN on Ombi + +	+ + Same as above + User will also have to manually change their Ombi password from the PIN + +
Internal Reset	+ + + Enforces password requirements + + Users are shown a page similar to the "Create Account" form + + + New password is also applied to Ombi + +	+ + Can confuse user in the same way as the above + +
"My Account" Reset	+ + Performed in the same place as other account management tasks + + Explains itself better than other methods + + The page tells the user to check their inbox for a link + + + +	+ + + "My Account" page may not be familiar to user + + For this feature to be used, users must know the "My Account" page exists + The page is already referenced on the signup form, but mentioning it on your Jellyfin instance or app portal might be a good idea. + + + +