models: add User.password_changed_at

First step of the self-service password-change feature: a timestamp
that backs the per-session freshness check used to invalidate other
sessions on password change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

l4d2web/models.py

@@ -35,6 +35,7 @@ class User(Base):
     )
     created_at: Mapped[datetime] = mapped_column(DateTime, default=now_utc, nullable=False)
     updated_at: Mapped[datetime] = mapped_column(DateTime, default=now_utc, nullable=False)
+    password_changed_at: Mapped[datetime] = mapped_column(DateTime, default=now_utc, nullable=False)
 
 
 class Overlay(Base):

l4d2web/tests/test_models.py

@@ -18,3 +18,23 @@ def test_create_user_and_blueprint(tmp_path, monkeypatch) -> None:
 
         assert user.id is not None
         assert blueprint.id is not None
+
+
+def test_user_has_password_changed_at_default(tmp_path, monkeypatch):
+    from datetime import UTC, datetime
+    from l4d2web.app import create_app
+    from l4d2web.auth import hash_password
+
+    db_url = f"sqlite:///{tmp_path/'pw.db'}"
+    monkeypatch.setenv("DATABASE_URL", db_url)
+    create_app({"TESTING": True, "DATABASE_URL": db_url, "SECRET_KEY": "test"})
+    init_db()
+
+    before = datetime.now(UTC).replace(tzinfo=None)
+    with session_scope() as db:
+        db.add(User(username="alice", password_digest=hash_password("secret")))
+    with session_scope() as db:
+        user = db.query(User).filter_by(username="alice").one()
+
+    assert user.password_changed_at is not None
+    assert user.password_changed_at >= before