feat(auth): B-2.1 ConsentLog model (Loi 25) + User MFA/OAuth/Stripe fields

- New src/models/consent.py — ConsentLog with user_id FK, consent_type
  ('cgu' | 'confidentialite' | 'marketing' | 'analytics'), version, granted
  bool, granted_at/revoked_at timestamps, ip_address (45 chars for IPv6),
  user_agent (500 chars). User.consent_logs backref. Audit trail per
  LPRPSP art. 14 (consent tracé) + art. 3.5 (journal).
- src/models/user.py: add 7 new columns (totp_secret, totp_enabled DEFAULT 0,
  webauthn_credentials JSON, ordre_pro, cabinet, stripe_customer_id,
  subscription_status). Do NOT duplicate existing sso_provider/sso_subject/
  email_verified/etc. (per compatibility-audit C4).
- src/init_db.py: 7 add_column_if_not_exists() calls for the new User
  columns + 2 create_index_if_not_exists() for stripe_customer_id and
  subscription_status. NO Alembic — init_db.py pattern matches
  compatibility-audit C3.
- src/models/__init__.py: register ConsentLog import.
- tests/test_consent_log.py: 7 tests — grant flow, 4 consent types, revoke
  preserves audit trail, User backref, NOT NULL on ip/UA, User.B-2.1 fields
  round-trip, defaults safe.

src/init_db.py

@@ -284,6 +284,31 @@ def initialize_database(app):
             app.logger.info("Added transcription_hotwords column to user table")
         if add_column_if_not_exists(engine, 'user', 'transcription_initial_prompt', 'TEXT'):
             app.logger.info("Added transcription_initial_prompt column to user table")
+
+        # === B-2.1: MFA / WebAuthn / Stripe / Loi 25 user fields ===
+        if add_column_if_not_exists(engine, 'user', 'totp_secret', 'VARCHAR(64)'):
+            app.logger.info("Added totp_secret column to user table")
+        if add_column_if_not_exists(engine, 'user', 'totp_enabled', 'BOOLEAN DEFAULT 0 NOT NULL'):
+            app.logger.info("Added totp_enabled column to user table")
+        if add_column_if_not_exists(engine, 'user', 'webauthn_credentials', 'JSON'):
+            app.logger.info("Added webauthn_credentials column to user table")
+        if add_column_if_not_exists(engine, 'user', 'ordre_pro', 'VARCHAR(50)'):
+            app.logger.info("Added ordre_pro column to user table")
+        if add_column_if_not_exists(engine, 'user', 'cabinet', 'VARCHAR(255)'):
+            app.logger.info("Added cabinet column to user table")
+        if add_column_if_not_exists(engine, 'user', 'stripe_customer_id', 'VARCHAR(120)'):
+            app.logger.info("Added stripe_customer_id column to user table")
+        if add_column_if_not_exists(engine, 'user', 'subscription_status', 'VARCHAR(20)'):
+            app.logger.info("Added subscription_status column to user table")
+
+        # === B-2.1: Indexes on stripe_customer_id and subscription_status ===
+        try:
+            if create_index_if_not_exists(engine, 'idx_user_stripe_customer', 'user', 'stripe_customer_id'):
+                app.logger.info("Created index idx_user_stripe_customer on user.stripe_customer_id")
+            if create_index_if_not_exists(engine, 'idx_user_subscription_status', 'user', 'subscription_status'):
+                app.logger.info("Created index idx_user_subscription_status on user.subscription_status")
+        except Exception as e:
+            app.logger.warning(f"Could not create B-2.1 user indexes: {e}")
         if add_column_if_not_exists(engine, 'tag', 'default_hotwords', 'TEXT'):
             app.logger.info("Added default_hotwords column to tag table")
         if add_column_if_not_exists(engine, 'tag', 'default_initial_prompt', 'TEXT'):

src/models/__init__.py

@@ -33,6 +33,7 @@ from .push_subscription import PushSubscription
 from .processing_job import ProcessingJob
 from .token_usage import TokenUsage
 from .transcription_usage import TranscriptionUsage
+from .consent import ConsentLog
 
 # Export all models
 __all__ = [
@@ -70,4 +71,5 @@ __all__ = [
     'ProcessingJob',
     'TokenUsage',
     'TranscriptionUsage',
+    'ConsentLog',
 ]

src/models/consent.py

@@ -0,0 +1,41 @@
+"""ConsentLog model — Loi 25 audit trail.
+
+Records every grant/revoke of user consent for: CGU, confidentiality (RPRP),
+marketing communications, analytics. Required by LPRPSP art. 14 (consent
+explicit and tracé) and art. 3.5 (audit trail).
+"""
+from datetime import datetime
+
+from src.database import db
+
+
+class ConsentLog(db.Model):
+    """Journal Loi 25 — traçabilité des consentements utilisateurs.
+
+    One row per (user, consent_type, version) state change. Granting,
+    revoking, and re-granting all create separate rows for the audit trail.
+    """
+    __tablename__ = 'consent_log'
+
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False, index=True)
+
+    # 'cgu', 'confidentialite', 'marketing', 'analytics'
+    consent_type = db.Column(db.String(50), nullable=False)
+    # Version of the document accepted (e.g. '1.0', '2026-04-27')
+    version = db.Column(db.String(20), nullable=False)
+
+    granted = db.Column(db.Boolean, nullable=False)
+    granted_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
+    revoked_at = db.Column(db.DateTime, nullable=True)
+
+    # Source IP — supports both IPv4 (15 chars) and IPv6 (45 chars)
+    ip_address = db.Column(db.String(45), nullable=False)
+    user_agent = db.Column(db.String(500), nullable=False)
+
+    # Backref creates User.consent_logs
+    user = db.relationship('User', backref='consent_logs')
+
+    def __repr__(self):
+        action = 'granted' if self.granted else 'revoked'
+        return f"<ConsentLog user={self.user_id} type={self.consent_type} v={self.version} {action}>"

src/models/user.py

@@ -9,6 +9,8 @@ from datetime import datetime
 from flask_login import UserMixin
 from src.database import db
 
+# ConsentLog backref defined in src/models/consent.py — accessible as User.consent_logs
+
 
 class User(db.Model, UserMixin):
     """User model for authentication and profile management."""
@@ -62,6 +64,23 @@ class User(db.Model, UserMixin):
     transcription_hotwords = db.Column(db.Text, nullable=True)
     transcription_initial_prompt = db.Column(db.Text, nullable=True)
 
+    # === B-2.1: MFA / WebAuthn / Stripe / Loi 25 fields (Phase 2 backend) ===
+    # TOTP MFA (B-2.5) — chiffré au repos via SECRET_KEY (handled in service layer)
+    totp_secret = db.Column(db.String(64), nullable=True)
+    totp_enabled = db.Column(db.Boolean, default=False, nullable=False)
+
+    # WebAuthn / Passkey credentials (B-2.6) — list of credential dicts
+    webauthn_credentials = db.Column(db.JSON, nullable=True)
+
+    # Loi 25 + ordre professionnel context (used at signup B-2.2)
+    ordre_pro = db.Column(db.String(50), nullable=True)  # 'barreau', 'cpa', 'chad', etc.
+    cabinet = db.Column(db.String(255), nullable=True)
+
+    # Stripe billing (B-2.7 / B-2.8)
+    stripe_customer_id = db.Column(db.String(120), nullable=True, index=True)
+    # 'trialing' | 'active' | 'past_due' | 'canceled' | 'incomplete' | None
+    subscription_status = db.Column(db.String(20), nullable=True, index=True)
+
     def __repr__(self):
         return f"User('{self.username}', '{self.email}')"