diff --git a/routes/index.js b/routes/index.js
index 4288c94..f019b7d 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -48,7 +48,7 @@ module.exports = ({ db, config }) => {
 
   router.use('/api', require('./api')({ db }))
 
-  router.use('/setup', require('./setup')(db))
+  router.use('/setup', require('./setup')({ db, ensurePfp }))
 
   router.use('/login', require('./login')({ ensurePfp }))
   router.use('/logout', require('./logout')())
diff --git a/routes/setup/index.js b/routes/setup/index.js
index 423fcc6..52c1d31 100644
--- a/routes/setup/index.js
+++ b/routes/setup/index.js
@@ -1,7 +1,7 @@
 const bcrypt = require('bcrypt-nodejs')
 const express = require('express')
 
-module.exports = (db) => {
+module.exports = ({ db, ensurePfp }) => {
   const router = express.Router()
 
   router.get('/',
@@ -19,19 +19,23 @@ module.exports = (db) => {
     async (req, res) => {
       const dbInfo = await db.info()
       if (dbInfo.doc_count === 0) {
-        bcrypt.hash(req.body.adminPassword, null, null, (err, adminPasswordHash) => {
-          if (err) throw err
-          db.put({
-            _id: req.body.adminUsername.trim(),
-            password: adminPasswordHash,
-            admin: true,
-            wishlist: []
+        const username = req.body.adminUsername.trim()
+        await new Promise((resolve, reject) => {
+          bcrypt.hash(req.body.adminPassword, null, null, (err, adminPasswordHash) => {
+            if (err) throw err
+            db.put({
+              _id: username,
+              password: adminPasswordHash,
+              admin: true,
+              wishlist: []
+            })
+            resolve()
           })
-          res.redirect('/')
         })
-      } else {
-        res.redirect('/')
+        await ensurePfp(username)
       }
+
+      res.redirect('/')
     }
   )