As a registered user, I want to log in with my credentials or via social login, with support for two-factor authentication, so that I can securely access my account.
Given I navigate to the login page
Then email and password fields are displayed
And a "Sign in with Google" button is shown.

Given I enter valid credentials
When I submit the form
Then I am redirected based on my role: /account for users, /admin/dashboard for admins.

Given I enter incorrect credentials
Then the error "Invalid email or password" is displayed.

Given I have entered incorrect credentials 3 times consecutively
When I try to log in again
Then the error "Account locked, too many failed attempts. Please contact the administrator." is displayed
And the API returns HTTP 423.

Given I am logging in as an admin
Then the account is never locked regardless of failed attempts.

Given my account has been disabled by an administrator
When I try to log in with valid credentials
Then the error "Account disabled." is displayed
And I am not authenticated.

Given I have TOTP enabled on my account
When I submit valid email and password
Then a 6-digit TOTP input field is displayed.
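
One way to implement the password step of these criteria, as an added example that is not part of the original story; it shows the order in which the lock, credential, disabled and TOTP checks have to run. Only HTTP 423, the error strings and the redirect paths come from the criteria; the other status codes, the in-memory user store, the PBKDF2 parameters and all function names are assumptions, and TOTP code verification is not covered.

```python
import hashlib, hmac, os
from dataclasses import dataclass

MAX_FAILURES = 3   # from the criteria: 3 consecutive failures lock the account
ROUNDS = 100_000   # PBKDF2 iteration count: example value (assumption)
REDIRECT = {"user": "/account", "admin": "/admin/dashboard"}
GENERIC = "Invalid email or password"
LOCKED = "Account locked, too many failed attempts. Please contact the administrator."

@dataclass
class User:
    email: str
    salt: bytes
    pw_hash: bytes
    role: str = "user"
    disabled: bool = False
    totp_enabled: bool = False
    failures: int = 0

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def make_user(email: str, password: str, **kw) -> User:
    salt = os.urandom(16)
    return User(email, salt, hash_pw(password, salt), **kw)

def login(users: dict, email: str, password: str) -> dict:
    user = users.get(email)
    if user is None:  # unknown email gets the same generic error (401 is assumed)
        return {"status": 401, "error": GENERIC}
    # The lock check runs before password verification: the attempt after
    # three failures is refused even when the password is now correct.
    if user.role != "admin" and user.failures >= MAX_FAILURES:
        return {"status": 423, "error": LOCKED}
    if not hmac.compare_digest(hash_pw(password, user.salt), user.pw_hash):
        if user.role != "admin":  # criteria: admin accounts are never locked
            user.failures += 1
        return {"status": 401, "error": GENERIC}
    user.failures = 0  # "consecutively": a valid password resets the counter
    # "Account disabled." is shown only after valid credentials (403 is assumed).
    if user.disabled:
        return {"status": 403, "error": "Account disabled."}
    if user.totp_enabled:  # no session yet; the client shows the 6-digit field
        return {"status": 200, "next": "totp"}
    return {"status": 200, "redirect": REDIRECT[user.role]}
```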