As an authenticated user, I want to set up TOTP two-factor authentication, so that my account is protected with an additional security layer.
Given I am on my profile page Then a "Setup two factor authentication" section is displayed.
Given the TOTP setup section is shown Then a QR code is displayed that I can scan with my authenticator app.
Given the TOTP setup section is shown Then the secret key is also displayed as text for manual entry.
Given I enter a valid 6-digit code from my authenticator app When I click "Verify TOTP" Then the message "TOTP verified and enabled successfully." is displayed.
Given I enter an incorrect code Then an error message is displayed.
Given I am logged in as customer@practicesoftwaretesting.com or admin@practicesoftwaretesting.com Then TOTP setup is denied with "Access denied: If you want to configure TOTP, please create your own account."